Debugger Evasion (T1622)

Technique & Subtechniques

  • Debugger Evasion

Associated Tactics

  • Defense Evasion
  • Discovery

Defense Evasion (TA0005)

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

Procedure Examples

Description | Source(s)
Check Point Research. (2021, January 4). Stopping Serial Killer: Catching the Next Strike. Retrieved September 7, 2021. | Checkpoint Dridex Jan 2021
hasherezade. (2021, June 30). Module 3 - Understanding and countering malware's evasion and self-defence. Retrieved April 1, 2022. | hasherezade debug
Noteworthy. (2019, January 6). Al-Khaser. Retrieved April 1, 2022. | AlKhaser Debug
Patrick Wardle. (2020, July 3). OSX.EvilQuest Uncovered part ii: insidious capabilities. Retrieved March 21, 2021. | wardle evilquest partii
ProcessHacker. (2009, October 27). Process Hacker. Retrieved April 11, 2022. | ProcessHacker Github
vxunderground. (2021, June 30). VX-API. Retrieved April 1, 2022. | vxunderground debug