From "GOMEZ SANCHEZ" [firstname.lastname@example.org]
Date Tue, 20 Oct 2015 13:14:56 +0430

Print out the attachment file fill it and return it back by fax or email

The "Subject" is the victim's own email address. Attached is a file FINAL NOTIFICATION.xls, which comes (so far) in three different variants (VirusTotal), each containing one of three malicious macros.
Analysis of the payload is pending, but it is likely to be the Dridex banking trojan. Please check back later.
Sources say that the payload is Shifu, not Dridex. So far, three download locations have been identified.
This file is downloaded as %TEMP%\shhg32c.exe and it has a VirusTotal detection rate of 4/56 (MD5 e4bb8a66855f6987822f5aca86060f2c). The Hybrid Analysis reports indicate that it calls home to:
fat.uk-fags.top / 184.108.40.206 (Digital Ocean, Singapore)
I recommend that you block traffic to that IP.
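
Beyond blocking, the same indicators can be swept for in DNS, proxy and process-creation logs. The Python below is an added example, not part of the original post; the log format and the sample lines are constructed assumptions, and only the domain, IP and file name come from the text above.

```python
import re

# Indicators published in the post above.
C2_DOMAIN = "fat.uk-fags.top"
C2_IP = "184.108.40.206"
DROPPED_FILE = "shhg32c.exe"

# Boundary-aware patterns, so look-alike strings do not raise false alerts.
PATTERNS = {
    # The domain or any subdomain of it, with an optional trailing root dot,
    # but not "notfat.uk-fags.top" or "fat.uk-fags.top.example.com".
    "c2_domain": re.compile(
        r"(?<![A-Za-z0-9.-])(?:[A-Za-z0-9-]+\.)*" + re.escape(C2_DOMAIN)
        + r"\.?(?![A-Za-z0-9-]|\.[A-Za-z0-9])", re.IGNORECASE),
    # The address as a whole dotted quad, not part of a longer number run.
    "c2_ip": re.compile(
        r"(?<![0-9.])" + re.escape(C2_IP) + r"(?![0-9]|\.[0-9])"),
    # The dropped file name as a complete path component.
    "dropped_file": re.compile(
        r"(?<![\w.-])" + re.escape(DROPPED_FILE) + r"(?![\w-])",
        re.IGNORECASE),
}


def scan(lines):
    """Return (line_number, indicator_name) for every indicator hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                hits.append((number, name))
    return hits


# Constructed sample records (hypothetical log format, not from the post).
SAMPLE_LOG = [
    "2015-10-20T09:01:12Z dns query=fat.uk-fags.top. type=A client=10.0.0.15",
    "2015-10-20T09:01:13Z proxy CONNECT 184.108.40.206:443 client=10.0.0.15",
    "2015-10-20T09:01:10Z proc image=C:\\Users\\alice\\AppData\\Local\\Temp\\shhg32c.exe",
    "2015-10-20T09:02:00Z dns query=notfat.uk-fags.top type=A client=10.0.0.22",
    "2015-10-20T09:03:00Z dns query=fat.uk-fags.top.example.com type=A client=10.0.0.30",
]

if __name__ == "__main__":
    for number, name in scan(SAMPLE_LOG):
        print(f"line {number}: {name}: {SAMPLE_LOG[number - 1]}")
```

The last two sample lines are deliberate near-misses: a plain substring search would flag both, while the anchored patterns leave them alone.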