The email text changes, but the system is always the same. Xz attachment contains an exe, the malware itself, which should load other payloads. Today, however, it is unknown which.
The xlsm attachment contacts a random link from an internal list and downloads the malware, a Trojan protagonist of campaigns especially with a courier theme.