The email's zip attachment contains an exe file, the malware itself. It steals information and exfiltrates it via SMTP.
Technical analysis by the Malware Hunter JAMESWT
A fake DHL shipment carries a new Guloader campaign. The email's Xz attachment contains an executable, the malware itself. It should load other payloads, but what they are is currently unknown.
A fake DHL booking to send a package is cybercrime's new lure, used to spread Guloader in a global campaign. The email's compressed attachment, in Xz format, contains an executable file, the malware itself.
In theory it should download other payloads, but at the moment it is not possible to determine which ones. In the past, Guloader has been used to deliver different types of information stealers, such as Agent Tesla / Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria / Warzone RAT and Parallax RAT.