MALWARE FAMILY
WmRAT
Internal ID: win.wm_rat
1
aliases
Last seen:Mar 17, 2026
Intelligence Profile
According to Proofpoint, WmRAT is a remote access trojan (RAT) written in C++ that uses sockets for communications and has standard RAT functionality. The RAT can gather basic host information, upload or download files, take screenshots, get geolocation data of the target machine, enumerate directories and files, and run arbitrary commands via cmd or PowerShell. The malware also generates a number of junk threads, potentially to mislead researchers or responders investigating the samples.
Threat Analysis
WmRAT is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.
External References
Quick Facts
TypeMalware Family
Aliases1
Also Known As
win.wm_rat
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.