The fake PDF attached to the "PURCHASE ORDER 05-30-2023" email contains a link that downloads a tgz file holding a TAR, which in turn contains an exe: the malware.
Cybercrime, new Remcos campaign via purchase orders
Technical analysis by the Malware Hunter JAMESWT
New Remcos campaign via purchase orders. The email cab attachment contains an exe: the malware itself. This is a RAT with several capabilities
New Remcos campaign via “New Order September 2021”. The cab attachment, distributed in two identical emails sent a short time apart, contains an exe file: the malware itself.
If opened, it activates the chain of infection. Remcos is a cybercrime Remote Access Trojan (RAT) with a wide range of features, such as closely monitoring user activity, recording audio and video content, acquiring credentials, stealing digital currency, downloading additional payloads and exfiltrating confidential data, all while evading detection and sandboxes.
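For mail-gateway triage of the delivery method described above, the following added example (not part of the original analysis) reads a CAB attachment's file directory without decompressing it and reports members with executable extensions. The extension list, the function names and the sample member name are assumptions made for illustration.

```python
import os
import struct

# Extensions treated as directly executable on Windows (assumed policy list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def list_cab_members(data: bytes) -> list[str]:
    """Return member names from a CAB's CFFILE directory (no decompression)."""
    if len(data) < 36 or data[:4] != b"MSCF":
        raise ValueError("not a Microsoft Cabinet file")
    coff_files, = struct.unpack_from("<I", data, 16)  # offset of first CFFILE
    c_files, = struct.unpack_from("<H", data, 28)     # number of CFFILE entries
    names, pos = [], coff_files
    for _ in range(c_files):
        if pos + 16 > len(data):
            raise ValueError("truncated CFFILE entry")
        attribs, = struct.unpack_from("<H", data, pos + 14)
        end = data.find(b"\x00", pos + 16)            # name is NUL-terminated
        if end == -1:
            raise ValueError("unterminated member name")
        # Attribute bit 0x80 marks a UTF-8 name; otherwise the name is in a
        # legacy code page, approximated here with latin-1.
        codec = "utf-8" if attribs & 0x80 else "latin-1"
        names.append(data[pos + 16:end].decode(codec, "replace"))
        pos = end + 1
    return names

def executable_members(data: bytes) -> list[str]:
    """Members whose extension is on the executable list."""
    return [n for n in list_cab_members(data)
            if os.path.splitext(n.lower())[1] in EXECUTABLE_EXTS]

def build_sample_cab(member_name: str) -> bytes:
    """Constructed input: CFHEADER + one CFFOLDER + one CFFILE, no file data."""
    cffile = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 0x20)
    cffile += member_name.encode("latin-1") + b"\x00"
    total = 36 + 8 + len(cffile)
    cffolder = struct.pack("<IHH", total, 0, 0)
    header = struct.pack("<4sIIIIIBBHHHHH", b"MSCF", 0, total, 0,
                         36 + 8, 0, 3, 1, 1, 1, 0, 0, 0)
    return header + cffolder + cffile

if __name__ == "__main__":
    sample = build_sample_cab("New Order.exe")  # constructed member name
    print(executable_members(sample))
```

Because only the directory is parsed, the check works even when the payload is compressed; it does not inspect file contents, so a renamed executable would need content-based scanning after extraction.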