The message's RAR attachment contains an executable file: the malware itself. Stolen data is exfiltrated over SMTP.
Technical analysis by the Malware Hunter JAMESWT
An unknown ransomware encrypts the victim's files, inserting the ransom note into each of them. The malware spreads via a fake order and a link in the email. Data from the infected computer is sent via SMTP.
The fake order carries an unknown ransomware. Clicking the green Download button in the email contacts a URL, which downloads a zip file to the victim's computer.
The ransomware also sends data from the infected computer via SMTP.
The main domain is currently still active, but it redirects to links that Orange has disabled.
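The delivery chain described above (a fake-order mail carrying an archive attachment and a "download" link) is the kind of thing a mail gateway or SOC triage script can flag before the executable is ever opened. The following is an added example, not code from JAMESWT's analysis: it builds a constructed lookalike message in memory (the sender, recipient and `example-attacker.test` domains are invented placeholders) and checks two things a defender would want to see: archive attachments identified by magic bytes rather than by the filename extension, and HTML download links that point outside a trusted domain list. Looking inside the archive for the executable would need a RAR/ZIP parser and is left out here.

```python
"""Triage an e-mail for the fake-order delivery pattern (added example)."""
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Magic bytes for the archive formats the analysis mentions (RAR and ZIP).
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07": "rar",
    b"PK\x03\x04": "zip",
}

# Simple href extractor; good enough for the HTML a mass-mailer produces.
HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)


def sniff_archive(data: bytes):
    """Return 'rar', 'zip' or None based on the leading bytes, not the name."""
    for magic, kind in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def triage(raw: bytes, trusted_domains=("example-shop.test",)):
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Attachments: flag archives by content, and name/content mismatches.
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or "<unnamed>"
        kind = sniff_archive(payload)
        if kind:
            findings.append(f"archive attachment ({kind}): {name}")
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if kind and ext not in ("rar", "zip"):
            findings.append(f"extension/content mismatch: {name} is {kind}")

    # 2. Body links: the "green button" is just an <a href> to an external host.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        for url in HREF_RE.findall(body.get_content()):
            host = urlparse(url).hostname or ""
            if host and not host.endswith(trusted_domains):
                findings.append(f"external download link: {url}")
    return findings


def build_sample() -> bytes:
    """Constructed lookalike of the fake-order mail; not a real sample."""
    m = EmailMessage()
    m["From"] = "orders@example-shop.test"       # placeholder sender
    m["To"] = "victim@example.test"              # placeholder recipient
    m["Subject"] = "Order #1234 confirmation"
    m.set_content("Your order is attached.")
    m.add_alternative(
        "<p>Your order is ready.</p>"
        '<a href="http://downloads.example-attacker.test/order.zip" '
        'style="background:green">DOWNLOAD</a>',   # placeholder attacker host
        subtype="html",
    )
    # RAR signature followed by filler, but named .pdf to mimic masquerading.
    m.add_attachment(
        b"Rar!\x1a\x07\x00" + b"\x00" * 32,
        maintype="application", subtype="octet-stream",
        filename="order.pdf",
    )
    return m.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

Matching on magic bytes is the point of the exercise: an attachment renamed to `.pdf` or `.doc` still starts with `Rar!` or `PK`, so the check survives the simplest evasion, while a pure extension filter does not.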