The link in the text downloads a zip file with an xls inside. This contacts two URLs from which it downloads the dll and starts the malware infection.
Technical analysis by the Malware Hunter JAMESWT
The courier-themed Agent Tesla campaign is back. The bait is a fake DHL shipment. The attachment, if opened, contacts a link from which the malware is downloaded and the data is exfiltrated via SMTP
Agent Tesla returns to its global campaign with a courier-themed trap. The bait is the alleged receipt of a shipment from DHL, attached to the email. It is a .doc file which, if opened, contacts a link from which the malware is downloaded. The goal of cybercrime is to use it to steal sensitive data from victims, which is then exfiltrated via SMTP. Agent Tesla, in fact, through the keylogger function, is able to acquire everything that the user types. It can also steal browser emails and credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.