rule Uptycs_QwixxRAT {
	// Flags samples carrying the full set of QwixxRAT artefact strings below:
	// keylogger markers, stolen-data output file names, and the WMI/tasklist
	// queries used for host reconnaissance.
	meta:
		malware_name = "QwixxRAT"
		description = "QwixxRAT is a trojan designed to extract browser cookies, histories, credit card information and capture keylogger activities from targeted devices"
		author = "Uptycs Inc"
		version = "1"
	strings:
		// Keylogger log markers for special keys.
		$string_0 = "[CAPSLOCK: ON]" ascii wide
		$string_1 = "[ESC]" ascii wide
		// Output file name for webcam captures.
		$string_2 = "webcam.png" ascii wide
		// WMI query used to fingerprint the host OS.
		$string_3 = "SELECT * FROM win32_operatingsystem" ascii wide
		// Path fragment of a Chromium-family saved-logins database.
		$string_4 = "\\User Data\\Default\\Login Data" ascii wide
		// Likely FileZilla's recent-connections file (stored FTP credentials) — confirm.
		$string_5 = "recentservers.xml" ascii wide
		// Exfiltration output file names for harvested data.
		$string_6 = "credit_cards.txt" ascii wide
		// Process enumeration via tasklist with a /fi filter.
		$string_7 = "Tasklist /fi" ascii wide
		// WMI query listing installed AV products.
		$string_8 = "Select * from AntivirusProduct" ascii wide
		$string_9 = "\\keylogs.txt" ascii wide
		// Presumably an internal component/class name in the sample — verify.
		$string_10 = "AutoStealer" ascii wide
	condition:
		// Every one of the eleven strings must be present; `ascii wide` also
		// matches the UTF-16LE form of each string.
		// NOTE(review): "all of them" is strict — a variant that drops, renames
		// or obfuscates any single artefact will not match. Decide whether a
		// threshold (e.g. a subset count) better fits the intended precision.
		all of them
}
Type Yara Rule
Details Published Attributes CTI Title
Details Website 2023-08-14 46 Mitigating Remote Access Trojan Infection Risk: Telegram/Qwixx RAT