Note that I believe that "Accumentia" is a typo for "Acumentia" but has actually been copied from the SCI's own website verbatim.

From David Nyaruwa [firstname.lastname@example.org]
Date Wed, 05 Aug 2015 13:38:23 +0300
Subject Booking Confirmation - Accumentia (16/9/15)
Please find attached a proforma invoice for Accumentia's booking of the council room
on 16/09/15. The deposit to confirm the booking is 25% (ie £205.50) with the balance
due by the date of the meeting.
SCI, 14-15 Belgrave Square, London, SW1X 8PS
T: +44 (0)20 7598 1536 E: email@example.com
SCI - where science meets business
Phenotypic Approaches in Drug Discovery<https://www.soci.org/Events/Display-Event.aspx?EventCode=FCHEM441>,
18 March 2015, SCI, London, UK
Arrested Gels: Dynamics, Structure and Application,<https://www.soci.org/Events/Display-Event?EventCode=coll148>
23-25 March 2015, Gonville & Caius, Cambridge, UK
32nd Process Development Symposium<https://www.soci.org/Events/Display-Event.aspx?EventCode=FCHEM150>,
25-27 March 2015, Churchill College, Cambridge, UK
1 April 2015, SCI, London, UK
For the full events listing and more information go to http://www.soci.org/Events
Attached is a file named Accumentia Booking (16-9-15).doc, which comes in at least two different versions [VirusTotal results 6/56 and 7/56]. These contain a macro that looks like this [pastebin] and, according to Hybrid Analysis, download malware from the following locations:
This file has a detection rate of 4/55 and the Malwr report shows that it phones home to the familiar IP of:
18.104.22.168 (Reg.RU, Russia)
I strongly recommend that you block traffic to that IP. The payload is the Dridex banking trojan.