KRNRAT

Description

(Trend Micro) The other rootkit we found is called KRNRAT. It’s a full-featured backdoor with various capabilities, including process manipulation, file hiding, shellcode execution, traffic concealment, and C&C communication. We named this rootkit KRNRAT because of its internal name, just as written in its PDB string.

Names

Name
KRNRAT

Category

Malware

Type

• Backdoor
• Tunneling
• Exfiltration

Information

• https://www.trendmicro.com/en_us/research/25/d/earth-kurma-apt-campaign.html

Other Information

Uuid

32e3be0f-b2cd-4591-bd73-e972f7f5d28d

Last Card Change

2025-06-27