Which Trojan can be embedded as a macro in an MS Word document and covertly creates registry keys and processes, then connects to multiple malicious C2 servers?


Multiple Choice


Explanation:
This question tests how macro-delivered malware uses Word documents to load a payload, persist on a system, and reach out to multiple control servers. A Trojan with macro capability can hide inside a Word document’s VBA code, execute when the document is opened, and then install itself by creating registry keys for persistence, start new processes, and establish connections to several command-and-control servers to receive instructions and exfiltrate data. Covert Credential Grabber fits this scenario because it is described as covertly harvesting credentials and operating through a macro-driven, multi-stage process that maintains persistence and communicates with multiple C2 endpoints. HTML Injection isn’t a Trojan delivered by a Word macro; it’s a web attack technique that injects malicious HTML into webpages. GlitchPOS is a POS-focused malware family aimed at card data theft, not a macro-based Word document Trojan that adds registry keys and uses multiple C2 servers. TAN Gabber does not align with the described macro-delivered, multi-C2, persistence-focused behavior.

