| ID | B0005 |
| Objective(s) | Anti-Behavioral Analysis |
| Related ATT&CK Techniques | None |
| Version | 2.0 |
| Created | 1 August 2019 |
| Last Modified | 21 November 2022 |
Behaviors that obstruct analysis in an emulator.
| Name | ID | Description |
|---|---|---|
| Different Opcode Sets | B0005.001 | Use different opcodes sets (ex: FPU, MMX, SSE) to block emulators. |
| Extra Loops/Time Locks | B0005.004 | Add extra loops to make time-constraint emulators give up. |
| Undocumented/Unimplemented Opcodes | B0005.002 | Use rare, undocumented, or unimplemented opcodes to block non-exhaustive emulators. |
| Unusual/Undocumented API Calls | B0005.003 | Call unusual APIs to block non-exhaustive emulators (particularly anti-virus). |
| Name | Date | Method | Description |
|---|---|---|---|
| WebCobra | 2018 | -- | Evades emulator-based analysis. [1] |
[1] https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/webcobra-malware-uses-victims-computers-to-mine-cryptocurrency/