From: trinity [firstname.lastname@example.org]Attached is a file British Gas.doc with an MD5 a VirusTotal detection rate of 2/54. Analysis of the document is pending, however it will most likely drop the Dridex banking trojan.
Date: 22 December 2015 at 10:36
Subject: British Gas - A/c No. 602131633 - New Account
These automated analyses   show that the malicious document downloads from:
This has a VirusTotal detection rate of 3/54. All those reports indicate malicious traffic to:
18.104.22.168 (Megawire, Canada)
22.214.171.124 (OVH, France)
The payload looks like Dridex.