From Kelly Pegg [firstname.lastname@example.org]Attached is a file SKM_C3350160212101601.docm which comes in several different variants. The macro in the document attempts to download a malicious executable from:
Date Mon, 15 Feb 2016 13:15:37 +0200
Subject Invoice (w/e 070216)
Please find attached invoice and timesheet.
This dropped a malicious executable with a detection rate of 6/54 which according to these automated analysis tools   calls home to:
126.96.36.199 (B & K Verwaltungs GmbH, Germany)
I strongly recommend that you block traffic to that address. The payload is the Dridex banking trojan.