The email rar attachment contains an exe file: the first malware, which downloads the second. The stolen data is exfiltrated via SMTP.
Cybercrime, Avemaria hidden in a fake request for quotation (RFQ) email

Avemaria hidden in a fake request for quotation (RFQ) email. The img attachment contains an exe, disguised as a pdf document: it’s the malware itself
Avemaria / Warzone RAT is hidden in a fake request for quotation (RFQ)-themed email.
The img attachment contains an exe, disguised as a pdf document: it’s the malware itself. The goal of cybercrime is to steal data from the victim, as AveMaria is a Remote Access Trojan (RAT) with the ability to provide remote access to the desktop, act as a keylogger, increase user privileges, steal passwords and more.