To "'Sharon Howarth'" [firstname.lastname@example.org]
Date Tue, 25 Aug 2015 09:52:47 +0200
Subject Visa Card Aug 2015
Visa Card payments this month
This email has been checked for viruses by Avast antivirus software.
Attached is a document Visa Card Aug 2015.docm which I have seen in three different versions, containing one of three malicious macros    that then attempt to download a malicious binary from one of the following locations:
This executable has a detection rate of just 1/55 and the Malwr report shows network traffic to:
126.96.36.199 (Hostpro Ltd, Ukraine)
I strongly recommend that you block that IP address. The payload to this is almost definitely the Dridex banking trojan.