Dudell

What is Dudell?

Dudell is a malware component that allows cyber crooks to infect multiple systems all over the world. Whenever we deal with such infections, we have to understand that they often work in tandem with several other threats. Dudell is categorized as a Trojan infection, and so it means that users probably do not realize they have been infected with it until it is a bit too late to do anything about it.

Hence, prevention is extremely important when it comes to such infections. If you want to remove Dudell, you have to perform regular system scans with reliable antispyware tools, so that you would locate and terminate this infection immediately.

Where does Dudell come from?

Dudell itself is a malicious Excel file. This file is used as a malware installer by a cyber espionage group called Rancor. Please note that the group might have different names across different security platforms. “Rancor” is used by the Unit 42 security researchers.

The group was first noticed in 2017, and it continued to carry out multiple cyber attacks across Southeast Asian throughout 2018. The group continues to target government organizations in Southeast Asia, and it uses custom malware families to deliver its payload. Aside from Dudell, one of the custom malware families involved is Derusbi. This malware familiar is associated with Chinese espionage groups.

Both Derusbi and Dudell are sent out via phishing attacks. It also means that the victims open malicious files themselves. Since such attacks often have specific targets, it is very likely that victims are used to opening multiple documents every single day. Think about it, if you work at a government organization, the flow of documents from one email account to another has to be staggering. Hence, it is a lot easier to trick such victims into opening a fraudulent file.

Security experts maintain that it is always a good idea to scan the received files with a security tool of your choice. If you work at a government organization, your system is bound to have a licensed security application. If not security measures are employed at your organization, it is important to raise the security concern questions immediately. Especially when we have things like Dudell ready to bring espionage straight onto our doorstep.

What does Dudell do?

As mentioned, Dudell is a Microsoft Excel 97-2003 document. The file name that is associated with this malware is Equipment Purchase List 2018-2020 (Final).xls. From this, we can see that a regular user might not differentiate between a legitimate file and this malicious infection at first.

This file contains a malicious macro that runs on the target system and launches the infection. Of course, you need to have macros enabled for Dudell to run. If macros aren’t enabled, it is very likely that you will receive a prompt asking you to turn macros on right when you try to open the malicious file. If you click the Enable Content button, a malicious script connects to a remote C2 server and downloads a second stage payload.

From there, it depends on what the criminals want this infection to do. Since it is a Trojan infection, the malware has many capabilities. It can terminate certain processes, upload and download files, execute commands, take screenshots, and so on. Hence, Dudell and its components could easily steal sensitive information and download more malware on the infected system. What’s worse, this malware doesn’t have an interface, so it can run in the background of the compromised system for a long time.

How do I remove Dudell?

Removing Dudell is not hard because you just need to delete all the recently downloaded suspicious files. If you cannot find the Excel file described in this article, it might have been some other file that launched this malware.

If you do not know what file you need to remove, do yourself a favor and run a full system scan with the SpyHunter free scanner. Since Dudell is just one of the many components used in this attack, you are bound to have many other malicious files on-board. Automatic malware removal is your best bet when it comes to such types of infections. Also, please refer to your IT department immediately for the security measures you need to apply in the future.

Manual Dudell Removal

1. Delete unfamiliar files from Desktop.
2. Go to the Downloads folder.
3. Delete the most recent files from the folder.
4. Press Win+R and type %TEMP%. Click OK.
5. Remove recent suspicious files from the directory.
6. Scan your computer with a licensed security tool. Download Removal Tool100% FREE spyware scan and
   tested removal of Dudell*