SetFile

Created by Chris Campbell (@texasbe2trill)

Description

Uses the CommandLine/Terminal to set file and or directory attributes. It can set attributes, creator, creation date, modification date, and file type for multiple files at a time.

Created	Tactics	Tags
2023-04-23	Persistence Defense Evasion	bash zsh oneliner

Paths

/usr/bin/SetFile

Use Cases

Set a file or directory attribute to invisible

A bash or zsh oneliner can allow an attacker to set the file attribute to invisible. This action can establish persistence and evade detection for malicious files on the system.

for FILE in ~/*; do echo $(SetFile -a V $FILE && echo $(GetFileInfo $FILE)) >> /tmp/fileinfo.txt; sleep 2; done

Change a file’s creation and modification timestamps

Setfile can be used with the -d and -m arguments to alter a file’s creation and modification date, respectively.

SetFile -d "04/25/2023 11:11:00" -m "04/25/2023 11:12:00" targetfile.txt

Detections

No detections at time of publishing

Resources

The Invisible Bit

SetFile #

Description ##

Paths ##

Use Cases ##

Set a file or directory attribute to invisible ##

Change a file’s creation and modification timestamps ##

Detections ##

Resources ##