From: email@example.comI have only seen a single sample of this, with a ZIP file 36890_06_2015.zip attached, which in turn contains a document 36890_06_2015.doc. This document contains a malicious macro, and is exactly the same as the one used in this campaign leading to the Dridex banking trojan.
Date: 18 February 2015 at 09:01
Subject: UK Fuels Esso E-bill
Customer No : 90714
Email address : [redacted]
Attached file name : 36890_06_2015.DOC (ZIP)
Please find attached your invoice for Week 06 2015.
If you have any queries regarding your e-bill you can contact us at firstname.lastname@example.org.
Alternatively you can log on to your account at www.velocitycardmanagement.com to review your transactions and manage your account online.
This email, its content and any files transmitted with
it are confidential and intended solely for the use of
the individual(s) to whom it is addressed.
If you are not the intended recipient, be advised that
you have received this email in error and that any use,
dissemination, forwarding, printing or copying of
this email is strictly prohibited.