| ID | C0050 |
| Objective(s) | File System |
| Related ATT&CK Techniques | None |
| Version | 2.2 |
| Created | 4 December 2020 |
| Last Modified | 30 April 2024 |
Malware sets file attributes.
| Name | Date | Method | Description |
|---|---|---|---|
| DNSChanger | 2011 | -- | DNSChanger sets file attributes. [1] |
| Gamut | 2014 | -- | Gamut sets file attributes. [1] |
| Hupigon | 2013 | -- | Hupigon sets file attributes. [1] |
| Kovter | 2016 | -- | Kovter sets file attributes. [1] |
| Redhip | 2011 | -- | Redhip sets file attributes. [1] |
| UP007 | 2016 | -- | UP007 sets file attributes. [1] |
| Tool: capa | Mapping | APIs |
|---|---|---|
| change file permission on Linux | Set File Attributes (C0050) | chown, fchown, lchown, fchownat, chmod, fchmod, fchmodat |
| set file attributes | Set File Attributes (C0050) | kernel32.SetFileAttributes, ZwSetInformationFile, NtSetInformationFile, System.IO.File::SetAttributes, System.IO.File::SetCreationTime, System.IO.File::SetCreationTimeUtc, System.IO.File::SetLastAccessTime, System.IO.File::SetLastAccessTimeUtc, System.IO.File::SetLastWriteTime, System.IO.File::SetLastWriteTimeUtc |
File System::Set File Attributes
SHA256: 27253651170386863b148afb2a0fdda7780ae65cbc31405acbd99fa06b44b79f Location: 0x140006a6dmov edx, 0x2 ; pass the value indicating for the 'hidden' attribute to be set on the file lea rcx, [rsp + 0x40] ; name of the file for which attributes should be changed call qword ptr [->KERNEL32.DLL::SetFileAttributesA] ; call Windows API for changing file attributes
[1] capa v4.0, analyzed at MITRE on 10/12/2022