The link points to a page from which you download an xll file: the loader. This then in turn downloads a zip with the malware inside.
Technical Analysis by the Malware Hunter JAMESWT
New “Purchase Order” themed Formbook campaign. The lzh email attachment contains an exe file: the malware itself
An email about a “Purchase Order” is the lure of a new Formbook campaign.
The message's lzh attachment contains an executable file: the malware itself. If opened, it activates the infection chain. The cybercriminals' goal is to steal sensitive data from victims. Formbook, in fact, through its keylogger function, is able to capture everything the user types. It can also steal email and browser credentials, as well as take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating those already present.
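A mail-gateway triage check for the delivery pattern described above (an lzh attachment whose member is an executable), as an added example that is not part of the original analysis. The function names, the extension list and the sample message are assumptions constructed for illustration, and only LZH level 0/1 headers are parsed.

```python
import email
import re
from email.message import EmailMessage

LZH_METHOD = re.compile(rb"-l[hz][0-9a-z]-")   # method id sits at header offset 2
EXEC_EXT = (".exe", ".scr", ".com", ".pif")    # assumption: extensions worth flagging

def lzh_first_member(data):
    """Name of the first member of an LZH archive, or None if data is not LZH."""
    if len(data) < 22 or not LZH_METHOD.fullmatch(data[2:7]):
        return None
    if data[20] > 1:
        # Level 2+ headers keep the name in an extended header; not parsed here.
        return ""
    name_len = data[21]
    return data[22:22 + name_len].decode("latin-1")

def flag_lzh_executables(raw_message):
    """Return (attachment filename, member name) for LZH parts holding an executable."""
    hits = []
    for part in email.message_from_bytes(raw_message).walk():
        payload = part.get_payload(decode=True)   # None for multipart containers
        if not payload:
            continue
        member = lzh_first_member(payload)
        if member is not None and member.lower().endswith(EXEC_EXT):
            hits.append((part.get_filename(), member))
    return hits

def sample_lzh(name):
    """Constructed level-0 LZH header only (no compressed data), for the demo."""
    body = (b"-lh5-" + bytes(12) + b"\x20" + b"\x00"
            + bytes([len(name)]) + name + bytes(2))
    return bytes([len(body), sum(body) & 0xFF]) + body

def build_sample(member=b"PO_constructed.exe"):
    """Constructed 'Purchase Order' message carrying the sample archive."""
    msg = EmailMessage()
    msg["Subject"] = "Purchase Order"
    msg.set_content("Please see the attached order.")
    msg.add_attachment(sample_lzh(member), maintype="application",
                       subtype="octet-stream", filename="PO_constructed.lzh")
    return msg.as_bytes()

if __name__ == "__main__":
    print(flag_lzh_executables(build_sample()))
```

The check identifies the archive by its header bytes rather than by the attachment's file extension, so a renamed lzh file is still inspected.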