Time for another spelunking session. While scanning our data for any samples with detection hits but no sandbox detonation, I came across an XLS attachment from an Italian language email.

It was flagged as containing VBA macros and a hidden XLM sheet, so let’s examine …