The GZ attachment of the email contains a password-protected zip (the password is not given in the text) with an exe inside: the malware itself. The next-stage payload is not known.
Technical analysis by the Malware Hunter JAMESWT
New AgentTesla courier-themed campaign. The GZ attachment of the email directly contains the malware (an exe file), which steals sensitive information and exfiltrates it via FTP.
AgentTesla returns with a new courier-themed campaign. The bait is an email about a false non-delivery with a document in GZ format attached.
This directly contains the malware (an executable file). When opened, it steals sensitive information from the victim and exfiltrates it via FTP.
In fact, through its keylogger function, AgentTesla is able to capture everything the user types. Additionally, it can extract email and browser credentials and take screenshots. Finally, it can receive commands remotely on the infected PC, such as downloading additional payloads or updating existing ones.
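The point the campaign relies on is a compressed attachment that unpacks straight to a Windows executable. A mail gateway or analyst script can catch that before a user double-clicks it by decompressing the attachment in memory and checking for a PE header, rather than trusting the file extension. The following is an added example written for this page, not code from the analysis or from any named product; the `inspect_gz_attachment` and `triage` functions, the size limit and the sample attachments are all constructed here for illustration.

```python
import gzip
import io
import struct

# Constructed sample data (not from the campaign): a minimal DOS stub whose
# e_lfanew field points at a "PE\0\0" signature, and a harmless text file.
def build_fake_pe() -> bytes:
    buf = bytearray(b"MZ" + b"\x00" * 0x3E)      # 0x40-byte DOS header
    struct.pack_into("<I", buf, 0x3C, 0x40)      # e_lfanew -> offset 0x40
    buf += b"PE\x00\x00" + b"\x00" * 20          # PE signature + padding
    return bytes(buf)

SAMPLE_GZ_EXE = gzip.compress(build_fake_pe())
SAMPLE_GZ_TEXT = gzip.compress(b"Your parcel could not be delivered. Ref 0000-0000\n")


def looks_like_pe(blob: bytes) -> bool:
    """True if blob carries a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def inspect_gz_attachment(data: bytes, max_size: int = 50 * 1024 * 1024) -> dict:
    """Decompress a .gz attachment in memory (bounded) and report whether it hides an executable.

    The size bound matters: an attacker-supplied gzip can expand far beyond its
    on-disk size, so never decompress an untrusted attachment without a limit.
    """
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            inner = gz.read(max_size + 1)
    except (OSError, EOFError) as exc:
        return {"valid_gzip": False, "is_pe": False, "reason": f"not a gzip stream: {exc}"}
    if len(inner) > max_size:
        return {"valid_gzip": True, "is_pe": False,
                "reason": "decompressed size exceeds limit (possible decompression bomb)"}
    if looks_like_pe(inner):
        return {"valid_gzip": True, "is_pe": True,
                "reason": "PE executable directly inside gzip attachment"}
    return {"valid_gzip": True, "is_pe": False, "reason": "no PE header found"}


def triage(filename: str, data: bytes) -> dict:
    """Gateway-style verdict for one attachment: block executables, quarantine oversize/invalid ones."""
    if not filename.lower().endswith(".gz"):
        return {"filename": filename, "verdict": "pass", "reason": "not a gzip attachment"}
    report = inspect_gz_attachment(data)
    if report["is_pe"]:
        verdict = "block"
    elif not report["valid_gzip"] or "exceeds limit" in report["reason"]:
        verdict = "quarantine"
    else:
        verdict = "pass"
    return {"filename": filename, "verdict": verdict, "reason": report["reason"]}


if __name__ == "__main__":
    for name, blob in (("DHL_notice.gz", SAMPLE_GZ_EXE), ("tracking.gz", SAMPLE_GZ_TEXT)):
        print(triage(name, blob))
```

The check deliberately ignores the inner file name: a stored name such as `invoice.pdf` says nothing about the bytes, whereas the `MZ`/`PE` pair is what Windows actually uses to decide the file is a program. Pair this with an egress rule that alerts on outbound FTP from user workstations, since that is the exfiltration channel the analysis describes.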