The “URGENT REQUEST FOR PRICE OFFER” and “Ürün 56787898 için sipariş” email attachments contain an exe: the malware. Data is stolen via SMTP and Telegram API.
The zip attachment of the “RE: Purchase Order PO-3-000000608 from FALCON INDUSTRIES LIMITED” email contains bat, which executes a JS infecting the PC with malware.
The zip attachment of the "PURCHASE ORDER" email contains a bat file. This runs a PS, which infects the machine with malware. The stolen data is exfiltrated via SMTP.
A zip attachment contains an iso with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.