Summary
The memfd command loads a Linux executable file into memory (RAM) as an anonymous file using the memfd_create API call,
executes it, and returns the results. The file is created with an empty string as its name. Apart from the fact that
RAM is itself a file on Linux, the executable is not written to disk.
See "Detecting Linux memfd_create() Fileless Malware with Command Line Forensics"
for detection guidance.
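Because the anonymous file is created with an empty name, a process started from it has a /proc/<pid>/exe link that reads "/memfd: (deleted)". The following added example (not part of Merlin or Mythic) is a minimal defender-side check that walks a proc tree and reports such processes; the function names and the proc_root parameter are assumptions made for this illustration.

```python
import os
import re
import sys

# /proc/<pid>/exe of a process started from a memfd reads "/memfd:<name> (deleted)".
# An empty name, as this command uses, leaves "/memfd: (deleted)".
MEMFD_LINK = re.compile(r"^/memfd:(?P<name>.*?)(?: \(deleted\))?$")


def memfd_name(link_target):
    """Return the memfd name if the exe link points at a memfd, else None."""
    m = MEMFD_LINK.match(link_target)
    return m.group("name") if m else None


def scan(proc_root="/proc"):
    """Return [(pid, memfd_name, cmdline)] for processes whose image is a memfd."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self" or "sys"
        base = os.path.join(proc_root, entry)
        try:
            target = os.readlink(os.path.join(base, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or insufficient privilege
        name = memfd_name(target)
        if name is None:
            continue
        try:
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                raw = fh.read()
            cmdline = raw.replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            cmdline = ""
        hits.append((int(entry), name, cmdline))
    return sorted(hits)


if __name__ == "__main__":
    # Run as root to see every process; an optional argument overrides /proc.
    root = sys.argv[1] if len(sys.argv) > 1 else "/proc"
    for pid, name, cmdline in scan(root):
        print(f"pid={pid} memfd_name={name!r} cmdline={cmdline!r}")
```

Legitimate software can also execute from a memfd, so treat hits as leads to triage rather than verdicts.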
Change the Parameter Group to “Default” to use a file that was previously registered with Mythic and “New File” to
register and use a new file from your host OS.
- Needs Admin: False
- Version: 1
- Author: @Ne0nd0g
Arguments
file
The Linux executable file you want to run in memory
args
Arguments to start the executable with
Usage
MITRE ATT&CK Mapping
T1055 Process Injection
Detailed Summary
None