From firstname.lastname@example.org
Date Wed, 10 Feb 2016 11:12:41 +0200
Subject Emailing: MX62EDO 10.02.2016
Your message is ready to be sent with the following file or link
MX62EDO 10.02.2016 SERVICE SHEET
Note: To protect against computer viruses, e-mail programs may prevent
sending or receiving certain types of file attachments. Check your e-mail
security settings to determine how attachments are handled.

Attached is a malicious document named MX62EDO 10.02.2016.doc. I haven't had time to analyse these myself, but a trusted source (thank you) says that there are three different variants of documents, downloading a malicious executable from the following locations:
This drops an executable with a VirusTotal detection rate of 6/55. This malware calls back to the following IPs:
126.96.36.199 (ZNET Telekom Zrt, Hungary)
188.8.131.52 (Rackspace, US)
184.108.40.206 (Hetzner, Germany)
The payload is the Dridex banking trojan. Some chatter I have seen indicates that this has been hardened against analysis.