The gz attachment of the email contains an exe file: the malware.
Cybercrime, new Avemaria / WarZone RAT campaign via false firm PO

Malware Hunter JAMESWT Technical Analysis
New Avemaria / WarZone RAT campaign via false firm PO. The img attachment contains an exe file: the malware itself. Objective: to steal information from the victim
A new Avemaria / WarZone Rat campaign uses a fake Firm PO from a company in Kuwait as bait.
The img attachment contains an exe file: the malware itself.
The goal of cybercrime is to steal data from the victim, as AveMaria is a Remote Access Trojan (RAT) with the ability to provide remote access to the desktop, act as a keylogger, increase user privileges, steal passwords and more.