Autochk Rootkit Analysis · Low Level Pleasure
Tags
country: China
attack-pattern: Data Hooking - T1617 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Tool - T1588.002 Connection Proxy - T1090 Hooking - T1179 Rootkit - T1014 Hooking Rootkit
Show in Graph
Common Information
Type Value
UUID aaeb94d5-8d0a-4f54-98ed-06d4cdf0486a
Fingerprint ad41d714612c1c12
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 1, 2019, 2 p.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Low Level Pleasure
Title Autochk Rootkit Analysis · Low Level Pleasure
Detected Hints/Tags/Attributes 46/2/18
Source URLs
Redirection Url
Details Source https://repnz.github.io/posts/autochk-rootkit-analysis/
URL Provider
Details Provider Source level domain
Details github.io repnz.github.io
Attributes
Details Type #Events CTI Value
Details Domain 1 
fltmgr.sy
Details Domain 1 
rootkits.com
Details Domain 4127 
github.com
Details File 2 
autochk.sys
Details File 69 
shlwapi.dll
Details File 1 
imekr61.dll
Details File 1 
pintlgnt.dll
Details File 10 
fltmgr.sys
Details File 46 
netstat.exe
Details File 5 
nsiproxy.sys
Details File 1 
autochkrootkitcontroller.exe
Details File 2126 
cmd.exe
Details File 34 
a.txt
Details File 7 
b.txt
Details Github username 2 
repnz
Details sha256 1 
28924b6329f5410a5cca30f3530a3fb8a97c23c9509a192f2092cbdf139a91d8
Details IPv4 1 
192.168.58.1
Details Url 1 
https://github.com/repnz/autochk-rootkit