Technical analysis of kkRAT

Intel Name: Technical analysis of kkRAT

Date of Scan: September 11, 2025

Impact: Medium

Summary:
A malware campaign active since May 2025 has been targeting Chinese-speaking users, delivering multiple remote access trojans, including ValleyRAT, FatalRAT, and a newly identified variant dubbed kkRAT. kkRAT shares code similarities with Ghost RAT and Big Bad Wolf (大灰狼), commonly used by China-based threat actors. The analysis covers the attack chain and gives a detailed breakdown of kkRAT’s core features, its network communication protocol, supported commands, and plugin architecture, highlighting its capabilities and potential threat impact.
