From: Bobby Drell [firstname.lastname@example.org]Attached is a file Brochure2.doc which has a low detection rate which contains this malicious macro [pastebin] which downloads a component from the following location:
Date: 5 March 2015 at 10:27
Please change the year to 2015.
Please confirm receipt
This is saved as %TEMP%\324235235.exe. Note that there may be different versions of this document that download files from different locations, but the payload should be identical. In this case the executable has a detection rate of 4/57.
Automated analysis tools   show it phoning home to the following IPs:
126.96.36.199 (MWTV, Latvia)
188.8.131.52 (Digital Networks aka DINETHOSTING, Russia)
Usually this will drop a malicious Dridex DLL, although I was not able to obtain a sample.