Cybercrime, Panchan is a new botnet and SSH worm targeting Linux servers

Akamai: Panchan is a new botnet and SSH worm targeting Linux servers. It is written in Golang and uses the language's built-in concurrency features to maximize its spread and execute malware modules.
Panchan is a new peer-to-peer botnet and SSH worm that emerged in March 2022 and has been actively breaching Linux servers since. It was discovered by Akamai cybersecurity experts. It is written in Golang and uses the language's built-in concurrency features to maximize its spread and execute malware modules. In addition to the "basic" SSH dictionary attack, the malware harvests SSH keys to perform lateral movement. To avoid detection and reduce traceability, it drops its cryptominers as memory-mapped files, without any disk presence. It also kills the cryptominer processes if it detects any process monitoring. The most common victim vertical of Panchan (after telecom/VPS) is education, and researchers believe that a Japanese cybercrime actor is behind the operation.
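
For defenders, a process that runs without a file on disk still leaves traces in `/proc`. The following is an added detection example, not code from Akamai or from the malware; it assumes the payload is backed by `memfd_create(2)` or by a file unlinked after launch (the article does not say which mechanism Panchan uses), and the `proc_root` parameter and function names are illustrative.

```python
import os

# Assumption (not stated in the article): an in-memory payload is backed either
# by memfd_create(2), shown by the kernel as "/memfd:<name> (deleted)", or by a
# file unlinked after launch, shown as "<path> (deleted)".
def classify_backing(path):
    """Return 'memfd', 'deleted' or None for an exe link target or maps path."""
    if path.startswith("/memfd:"):
        return "memfd"
    if path.endswith(" (deleted)"):
        return "deleted"
    return None

def exec_maps_findings(maps_text):
    """Yield (reason, path) for executable mappings that have no on-disk file."""
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode [path]
        if len(fields) == 6 and "x" in fields[1]:
            reason = classify_backing(fields[5])
            if reason:
                yield reason, fields[5]

def scan_proc(proc_root="/proc"):
    """Return sorted (pid, source, reason, path) tuples for suspicious processes."""
    findings = set()
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            target = os.readlink(os.path.join(base, "exe"))
            reason = classify_backing(target)
            if reason:
                findings.add((int(entry), "exe", reason, target))
            with open(os.path.join(base, "maps")) as fh:
                for reason, path in exec_maps_findings(fh.read()):
                    findings.add((int(entry), "maps", reason, path))
        except OSError:
            continue  # process exited, kernel thread, or insufficient privilege
    return sorted(findings)

if __name__ == "__main__":
    for pid, source, reason, path in scan_proc():
        print(f"pid={pid} source={source} reason={reason} path={path}")
```

Run it as root to see every process. A binary replaced by a package upgrade also shows as `(deleted)`, so each hit is a lead to triage rather than a verdict.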