Date Tue, 04 Aug 2015 12:19:56 +0200
Subject INVOICE HH / 114954
Please find attached INVOICE HH / 114954
Automated mail message produced by DbMail.
Registered to Heating & Plumbing Supplies, License MBS2009358.
Attached is a file R-20787.doc which contains a malicious macro like this one [pastebin] that comes in at least two different versions, downloading from the following URLs:
The Hybrid Analysis reports   give some insight as the the characteristics of the malicious document. The downloaded file has a VirusTotal detection rate of 3/55. Automated analysis   shows traffic to the following IPs:
22.214.171.124 (Reg.RU, Russia)
126.96.36.199 (Iliad / Online S.A.S., France)
188.8.131.52 (Selectel, Russia)
The payload is the Dridex banking trojan.