The email's GZ attachment contains a password-protected zip (not provided in the text) with an exe inside: the malware itself. It is not known what the next payload is.
Technical analysis by the Malware Hunter JAMESWT
A new global Dridex campaign uses Dropbox to spread. The link in the email downloads an XLS file, which downloads the DLL from an internal list of URLs, starting the malware infection.
A new global Dridex malspam campaign uses Dropbox to spread. The email contains a link to the service which, if opened, downloads an XLS file. This file then downloads a DLL from an internal list of URLs, starting the malware infection.
Dridex is a very dangerous banking Trojan used by cybercriminals, which has long featured in campaigns all over the world, especially ones themed around couriers and invoices. The targets are mainly, but not only, companies.