From "Melissa O'Neill" [firstname.lastname@example.org]
Date Tue, 24 Nov 2015 07:11:00 -0300
Subject Scan as requested
New Hope Specialist Care Ltd
126 Brook Road
tel: 0121 552 1055
mobile: 07811 486 270
fax: 0121 544 7104
* PLEASE CONSIDER THE ENVIRONMENT BEFORE PRINTING THIS EMAIL *
This is an email from New Hope Specialst Care Ltd. The information contained
within this message is intended for the addressee only and may contain
confidential and/or privilege information. If you are not the intended
recipient you may not peruse, use, disseminate, distribute or copy this
message. If you have received this message in error please notify the sender
immediately by email or telephone and either return or destroy the original
message. New Hope Specialsit Care Ltd accept no responsibility for any
changes made to this message after it has been sent by the original author.
The views contained herein do not necessarily represent the views of New
Hope Specialist Care Ltd This email or any of its attachments may contain
data that falls within the scope of the Data Protection Acts. You must
ensure that handling or processing of such data by you is fully compliant
with the terms and provisions of the Data Protection Act 1984 and 1988
This email has been checked for viruses by Avast antivirus software.
Attached is a file 20151009144829748.doc of which I have seen two versions (VirusTotal results  ) and which contain a macro like this [pastebin].
Analysis of these documents is pending, but the payload is likely to be the Dridex banking trojan.
Frustratingly, it looks like the web host has suspended newhopecare.co.uk which is not helpful in these circustances, as it stops the victim company from posting a warning.
These two Hybrid Analysis reports   show a download from the following locations:
This has a VirusTotal detection rate of 4/55. That VT analysis and this Malwr analysis and these two Hybrid Analysis reports   show network traffic to:
18.104.22.168 (Trinity College Hartford, US)
22.214.171.124 (Agava Ltd, Russia)
126.96.36.199 (Elvsoft SRV, Romania / Coreix, UK)
188.8.131.52 (SuperNetwork, Czech Republic)