From: firstname.lastname@example.orgAttached is a file emailreceipt_20150130R2155644709.xls which in the sample I analysed has a VirusTotal detection rate of 6/53.
Date: 7 December 2015 at 09:43
Subject: Your receipt from Apple Store, Manchester Arndale
Thank you for shopping at the Apple Store.
To tell us about your experience, click here.
According to this Malwr report, the attachment downloads a malicious binary from:
This has a VirusTotal detection rate of precisely zero. Those reports indicate network traffic to:
126.96.36.199 (AT&T Internet Services, US)
This is the same IP as seen in this earlier spam run, and I strongly recommend that you block it. The payload is likely to be the Dridex banking trojan.