From: email@example.com salesAttached is a fie with an unusual extension, ORDER LIST.ace which is actually a compressed archive (basically a modified ZIP file). It contains an executable ORDER LIST.exe which has a VirusTotal detection rate of 15/56. That same VirusTotal report indicates traffic to:
Date: Mon, 18 Apr 2016 13:46:21 +0100
Subject: Re: Quote Price
Please do confirm the Quote Price and get back to me as soon as possible.
This is hosted on:
220.127.116.11 (Hetzner, Germany)
That IP address might be worth blocking. The Hybrid Analysis indicates that this steals FTP and perhaps other passwords. This is a Pony loader which will probably try to download additional malware, but it is not clear what that it might be.