From: trinity [email@example.com]Attached is a file British Gas.doc with an MD5 a VirusTotal detection rate of 2/54. Analysis of the document is pending, however it will most likely drop the Dridex banking trojan.
Date: 22 December 2015 at 10:36
Subject: British Gas - A/c No. 602131633 - New Account
These automated analyses   show that the malicious document downloads from:
This has a VirusTotal detection rate of 3/54. All those reports indicate malicious traffic to:
184.108.40.206 (Megawire, Canada)
220.127.116.11 (OVH, France)
The payload looks like Dridex.