The gz attachment of the email contains an exe file: the malware.
Cybercrime, QuakBot again uses FORTUNE STAR TRADING, INC. certificates

Technical analysis by the Malware Hunter JAMESWT
QuakBot again exploits FORTUNE STAR TRADING, INC. certificates in its signed campaign
QuakBot is again exploiting FORTUNE STAR TRADING, INC. certificates to spread in its global malspam campaign. Cybercrime actors use the company's certificates to sign the attachment, an executable file. The objective is to deceive antivirus software and get victims to download and install the malware through the attachment and a link. Organizations from different countries have been exploited for this purpose. Many signatures have been used recently, including those of:
Mislean Software Limited
Master Networking s.r.o.
DocsGen Software Solutions Inc.
Digital Capital Management Ireland Limited
Equal Cash Technologies Limited
Korist Networks Incorporated
Instamix Limited
Akhirah Technologies Inc.
Bamboo Connect s.r.o.
OLIMP STROI OOO
BOREC OOO
Cubic Information Systems UAB
Highweb Ireland Operations Limited
VESNA OOO
THREE D CORPORATION PTY LTD
Umbrella LLC
Olymp LLC
Hairis LLC
SERVICE STREAM LIMITED
ABEL RENOVATIONS, INC
TRAUMALAB INTERNATIONAL APS
OOO Vertical
APPI CZ
APP DIVISION ApS
FORTUNE STAR TRADING, INC
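As an added example (not part of the original analysis), the signer names above can drive a triage check over the subject strings that signature-inspection tools report. Several of the names contain a comma, so the subject has to be split with quoting and escaping in mind; the function names, the shortened watchlist and the sample subjects are constructed for illustration.

```python
import re

# Subset of the signer names listed above; extend with the remaining entries.
WATCHLIST = ["FORTUNE STAR TRADING, INC", "ABEL RENOVATIONS, INC",
             "Mislean Software Limited", "Master Networking s.r.o.", "OOO Vertical"]

def normalize(name):
    """Casefold, collapse whitespace, drop trailing dots so 'INC.' equals 'INC'."""
    return re.sub(r"\s+", " ", name).strip().rstrip(".").casefold()

WATCH = {normalize(n) for n in WATCHLIST}

def split_dn(dn):
    """Split a subject string on commas that are neither quoted nor escaped."""
    # Hex escapes (backslash followed by two hex digits) are not decoded here.
    parts, buf, quoted, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped character: keep it literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == '"':                         # toggle quoted state, drop the quote
            quoted = not quoted
        elif ch == "," and not quoted:        # real attribute separator
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def signer_names(dn):
    """Return the CN and O values of a subject string, in order."""
    pairs = (p.partition("=") for p in split_dn(dn))
    return [v.strip() for k, _, v in pairs if k.strip().upper() in ("CN", "O")]

def flagged(dn):
    """True when the signer's CN or O matches a watchlisted name."""
    return any(normalize(n) in WATCH for n in signer_names(dn))

# Constructed sample subjects (quoted form, escaped form, unrelated signer).
SAMPLES = ['CN="FORTUNE STAR TRADING, INC.", O="FORTUNE STAR TRADING, INC.", C=XX',
           r'CN=ABEL RENOVATIONS\, INC,O=ABEL RENOVATIONS\, INC,C=XX',
           'CN=Example Software Ltd, O=Example Software Ltd, C=XX']

if __name__ == "__main__":
    for subject in SAMPLES:
        print(flagged(subject), subject)
```

A match is a reason to inspect the file further rather than a verdict, and a signature that validates should not by itself clear an executable received by e-mail.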
The malware is a banking trojan with worm capabilities
QuakBot (aka Qbot) malware is a modular cybercrime banking trojan known to target businesses to steal money from their online banking accounts. It features worm capabilities to self-replicate through shared drives and removable media. The code uses powerful information-stealing features to spy on users’ banking activity.