Date: 13 March 2015 at 07:50
Subject: Invoice: 2262004
Please find attached invoice : 2262004
Any queries please contact us.
Automated mail message produced by DbMail.
Registered to Penta Foods, License MBA2009357.
Attached is a Word document R-1179776.doc which actually comes in two version, both with zero detection rates, contains one of two malicious macros   which then download a component from the following locations:
This is saved as %TEMP%\fJChjfgD675eDTU.exe and has a VirusTotal detection rate of 5/57. Automated analysis tools   show a phone-home attempt to:
220.127.116.11 (Clodo-Cloud / IT House, Russia)
My sources also indicate that it phones home to:
18.104.22.168 (Webagentur, Austria)
22.214.171.124 (iomart / RapidSwitch, UK)
According to this Malwr report it also drops a DLL with a detection rate of just 2/57 which is probably Dridex.