The zip attachment contains an exe file: the malware itself. This, if opened, activates the infection.
Technical analysis by the Malware Hunter JAMESWT
AveMaria hides herself in an email from a Dubai company. The email lzh attachment, also arrived in Italy, hides an executable: the malware itself
AveMaria is hiding in a fake email from a Dubai company, which has also arrived in Italy.
The lzh attachment contains a fake word document, which is actually an executable. This is the malware itself and, if opened, activates the chain of infection. The goal of cybercrime is to steal data from the victim, as AveMaria is a Remote Access Trojan (RAT) with the ability to provide remote access to the desktop, act as a keylogger, increase user privileges, steal passwords and more.