Date Tue, 04 Aug 2015 12:19:56 +0200
Subject INVOICE HH / 114954
Please find attached INVOICE HH / 114954
Automated mail message produced by DbMail.
Registered to Heating & Plumbing Supplies, License MBS2009358.
Attached is a file R-20787.doc which contains a malicious macro like this one [pastebin] that comes in at least two different versions, downloading from the following URLs:
The Hybrid Analysis reports   give some insight as the the characteristics of the malicious document. The downloaded file has a VirusTotal detection rate of 3/55. Automated analysis   shows traffic to the following IPs:
220.127.116.11 (Reg.RU, Russia)
18.104.22.168 (Iliad / Online S.A.S., France)
22.214.171.124 (Selectel, Russia)
The payload is the Dridex banking trojan.