Month: December 2020

Time for another spelunking session. While scanning our data for any samples with detection hits but no sandbox detonation, I came across an XLS attachment from an Italian language email.

Figure 1 – Original Email

It was flagged as containing VBA macros and a hidden XLM sheet, so let’s examine …

Continue Reading