From: Gale BarlowThere is a malicious Word document attached to the email, so far I have only seen one version of this but usually there are two or more. The document itself has a low detection rate of 1/57 and it contains a malicious macrowhich downloads a file from the following location:
Date: 13 February 2015 at 12:30
Subject: Remittance IN56583285
I hope you are OK. I am writing you to let you know that total amount specified in the contract has been paid into your bank account on the 12th of February at 15:25 via BACS payment system and should reach the destination (beneficiary's) account within 3 working days.
To see full payment details please refer to the remittance advice note attached to the letter.
Any queries? Please reply back with your questions and you will receive a prompt and qualitative response as soon as possible. Please do not hesitate to write us.
4D PHARMA PLC
This is saved as %TEMP%\dsHHH.exe and has a detection rate of 7/57, identifed as a Dridex downloader. Automated analysis tools     show a variety of activities, including communications with the following IPs:
18.104.22.168 (Pirix, Russia)
22.214.171.124 (Private Layer, Switzerland)
126.96.36.199 (Universita degli Studi dell'Insubria, Italy)
188.8.131.52 (MWTV, Latvia)
184.108.40.206 (iomart, UK)
220.127.116.11 (Frantech Solutions, US)
The malware then drops a Dridex DLL with a detection rate of 3/52 and mysteriously drops another Dridex downloader with a detection rate of 6/57. The Malwr report for that indicates there is some attempting traffic to nonexistent domains.