I have only seen one sample of this email, with a Word document IRN001549_60020918_I_01_01.doc which has a zero detection rate. Contained within this is malicious Word macro which downloads a component from the following location:
Date: 24 February 2015 at 08:09
Subject: Berendsen UK Ltd Invoice 60020918 117
Please find attached your invoice dated 21st February.
All queries should be directed to your branch that provides the service. This detail can be found on your invoice.
This e-mail and any attachments it may contain is confidential and
intended for the use of the named addressee(s) only. If you are not
the intended recipient, you have received it in error, please
immediately contact the sender and delete the material from your
computer system. You must not copy, print, use or disclose its
contents to any person. All e-mails are monitored for traffic data and
the content for security purposes.
Berendsen UK Ltd, part of the Berendsen plc Group.
Registered Office: 4 Grosvenor Place, London, SW1X 7DL.
Registered in England No. 228604
This binary has a VirusTotal detection rate of 2/57. Automated analysis tools    show that it attempts to phone home to:
188.8.131.52 (MWTV, Latvia)
184.108.40.206 (OVH, Ireland)
220.127.116.11 (Microtech Tel, US)
18.104.22.168 (World Internetwork Corporation, Thailand)
22.214.171.124 (Webazilla, US)
126.96.36.199 (KPN, Netherlands)
188.8.131.52 (UA Servers, Ukraine)
184.108.40.206 (One Telecom, Moldova)
MWTV have featured several times on this blog. A close examination of their 220.127.116.11/20 block indicates a mix of legitimate and illegitimate sites, however the bad sites are concentrated in the following ranges:
In addition to this, the malware attempts to drop a Dridex DLL which is widely detected by AV vendors with a detection rate of 30/57.