Researchers recently observed a phishing campaign that uses innovative macro tactics to deliver the Ursnif banking Trojan while evading sandbox detection. This particular method is designed to confuse sandboxes by disassociating the causative document from the malicious action. Another sandbox evasion method involves checking enumeration values, which indicate what features are present in various versions of Microsoft Office. The new techniques described above highlight the fact that malware authors constantly tweak their code to stay one step ahead of researchers. Security professionals must account for these tactical shifts and adjust their strategies accordingly.
Source: https://securityintelligence.com/news/banking-trojan-uses-malware-macros-to-evade-sandbox-detection/

