Summary
The memfd command loads a Linux executable file into memory (RAM) as an anonymous file using the memfd_create API call, executes it, and returns the results. The file is created with an empty string as its name. Aside from the fact that RAM is a file on Linux, the executable is not written to disk. See “Detecting Linux memfd_create() Fileless Malware with Command Line Forensics” for detection guidance. Set the Parameter Group to “Default” to use a file that was previously registered with Mythic, or to “New File” to register and use a new file from your host OS.

- Needs Admin: False
- Version: 1
- Author: @Ne0nd0g
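
A detection-side check for the behaviour described in the summary, as an added example that is not part of the original page or of Mythic: on Linux, the `/proc/<pid>/exe` link of a process running from a memfd file reads `/memfd:<name> (deleted)`, so the empty name used here shows up as `/memfd: (deleted)`. The function names and the sample PIDs and paths are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag processes whose executable is a memfd-backed anonymous file.
# With an empty memfd name the link target is exactly "/memfd: (deleted)".

# Return 0 when a /proc/<pid>/exe link target points at a memfd file.
is_memfd_target() {
    case "$1" in
        /memfd:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read "<pid> <link target>" lines on stdin; print "<pid> name=[<memfd name>]" for hits.
scan_links() {
    while read -r pid target; do
        if is_memfd_target "$target"; then
            name=${target#/memfd:}      # drop the "/memfd:" prefix
            name=${name% (deleted)}     # drop the kernel's " (deleted)" suffix
            printf '%s name=[%s]\n' "$pid" "$name"
        fi
    done
}

# Build the same "<pid> <target>" lines from the live /proc tree (Linux only).
proc_links() {
    for exe in /proc/[0-9]*/exe; do
        target=$(readlink "$exe" 2>/dev/null) || continue   # kernel threads, no access
        pid=${exe#/proc/}
        printf '%s %s\n' "${pid%/exe}" "$target"
    done
}

# Constructed sample input; PIDs and paths are illustrative only.
sample_links() {
    cat <<'EOF'
812 /usr/sbin/sshd
4411 /memfd: (deleted)
4502 /usr/bin/bash
4730 /memfd:jit-cache (deleted)
5120 /tmp/upgrade (deleted)
EOF
}

# Live scan only when asked for, so sourcing this file has no side effects.
if [ "${1:-}" = "--scan" ]; then
    proc_links | scan_links
fi
```

Run it with `--scan` as root to cover every process. Some legitimate software also executes from memfd files, so treat a hit as a lead to triage; an empty `name=[]` matches the unnamed file this command creates.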