KRNRAT (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.krnrat (Back to overview)

KRNRAT

According to Trend Micro, this is a rootkit with capabilities of a full-featured backdoor with various capabilities, including process manipulation, file hiding, shellcode execution, traffic concealment, and C&C communication. It is controlled through a range of IOCTL codes.

References

2025-04-25 ⋅ Trend Micro ⋅ Nick Dai, Sunny Lu
Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors
KRNRAT Moriya

There is no Yara-Signature yet.

KRNRAT Propose Change

References

KRNRAT