Cybersecurity researcher and Malware Hunter, JAMESWT: The link in the message points to a URL from which it downloads an exe: the malware.
Technical analysis by the Malware Hunter JAMESWT
The new lure of Dridex’s malspam campaign is DHL. The .xmls attachment in the cybercrime email contacts some urls contained within to download the DLL and complete the malware infection
Dridex changes the bait for its malspam campaign: from the false invoices of companies it passes to those of DHL. In these hours there are several emails circulating on an alleged invoice, written in English and with an .xlsm document attached. This, if downloaded and opened, shows an image of the fake invoice. In reality, however, it is configured to contact some urls contained within it. This is in order to download a DLL, which completes the malware infection chain. It is a very dangerous banking Trojan that has long been the protagonist of campaigns all over the world.
The email text (thanks to Cocaman)
The fake DHL invoice
Dll dropped from