Date: 13 March 2015 at 07:50
Subject: Invoice: 2262004
Please find attached invoice : 2262004
Any queries please contact us.
Automated mail message produced by DbMail.
Registered to Penta Foods, License MBA2009357.
Attached is a Word document R-1179776.doc which actually comes in two version, both with zero detection rates, contains one of two malicious macros   which then download a component from the following locations:
This is saved as %TEMP%\fJChjfgD675eDTU.exe and has a VirusTotal detection rate of 5/57. Automated analysis tools   show a phone-home attempt to:
22.214.171.124 (Clodo-Cloud / IT House, Russia)
My sources also indicate that it phones home to:
126.96.36.199 (Webagentur, Austria)
188.8.131.52 (iomart / RapidSwitch, UK)
According to this Malwr report it also drops a DLL with a detection rate of just 2/57 which is probably Dridex.