The link in the photo attached to the email points to a url that downloads the exe “AWB # Ref45376289558” – the malware. The stolen data is exfiltrated via SMTP to an email address.
The ace attachment of an email on a false shipping invoice with the object "DHL AWB # 2484635344- RATE 275 KG" contains an exe file: the malware itself.