- Security researchers have spotted custom malware dubbed ‘Dudell’ that is being used by the Rancor cyberespionage group.
- This malware is said to be distributed by Microsoft Excel documents.
Rancor threat group
The group is believed to have been active since 2017, primarily targeting government institutions, and is known for targeted attacks in Southeast Asia during 2017 and 2018.
The Dudell malware
The Rancor threat group was observed to be propagating the Dudell malware using weaponized Microsoft Excel documents.
- The document carries a malicious macro that is triggered as soon as the victim opens the Excel file.
- The macro begins to run once the victim clicks ‘Enable Content’.
- The macro then locates and executes data stored in the Company field of the document’s properties (document metadata, not the spreadsheet cells).
- The malware’s core functionality is implemented in an exported function named ‘DllInstall’.
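Because the macro pulls its next stage from the document’s Company property rather than from a cell, a defender can triage suspicious workbooks by reading that property directly from the file. The following is an added example, not code from the original report or from the researchers who analysed Dudell: it opens an Office Open XML workbook (a zip archive whose `docProps/app.xml` holds the extended properties, including `Company`), extracts the Company value, and flags values that do not look like a short company name. The thresholds, the token list, and the sample documents it builds are constructed for illustration and are assumptions, not published indicators.

```python
"""
Added example (not from the original report): read the 'Company' extended
property of an OOXML workbook and flag values that look like stashed payload
data rather than an organisation name.

Assumption: the workbook follows the OOXML layout, where docProps/app.xml
contains <Company>...</Company> in the extended-properties namespace.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

APP_NS = "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"

# Constructed heuristics: a genuine Company value is a short, printable name.
MAX_LEN = 64
PAYLOAD_HINTS = re.compile(r"(cmd|powershell|rundll32|regsvr32|https?://|\\\\)", re.I)
BASE64_RUN = re.compile(r"[A-Za-z0-9+/=]{40,}")


def read_company(xlsx_bytes):
    """Return the Company property as a string, '' if empty, None if absent."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        if "docProps/app.xml" not in zf.namelist():
            return None
        root = ET.fromstring(zf.read("docProps/app.xml"))
    node = root.find("{%s}Company" % APP_NS)
    if node is None:
        return None
    return node.text or ""


def assess_company(value):
    """Return the reasons a Company value looks abnormal (empty list = clean)."""
    reasons = []
    if not value:
        return reasons
    if len(value) > MAX_LEN:
        reasons.append("length %d exceeds %d" % (len(value), MAX_LEN))
    if any(not c.isprintable() for c in value):
        reasons.append("non-printable characters")
    if PAYLOAD_HINTS.search(value):
        reasons.append("command or URL token")
    if BASE64_RUN.search(value):
        reasons.append("long base64-like run")
    return reasons


def scan(xlsx_bytes):
    """Convenience wrapper: (company value, list of reasons) for one workbook."""
    value = read_company(xlsx_bytes)
    return value, assess_company(value)


def build_workbook(company=None):
    """Construct a minimal xlsx-like zip for testing; company=None omits app.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        if company is not None:
            app_xml = (
                '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
                '<Properties xmlns="%s"><Application>Microsoft Excel</Application>'
                '<Company>%s</Company></Properties>' % (APP_NS, escape(company))
            )
            zf.writestr("docProps/app.xml", app_xml)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a normal name and an oversized base64-looking blob.
    for sample in ("Contoso Ltd", "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVoxMjM0NTY3ODkw" * 2):
        value, reasons = scan(build_workbook(sample))
        print(repr(value[:32]), "->", reasons or "clean")
```

On a real file, pass the bytes of the workbook to `scan()`; a non-empty reason list is a cue to pull the macro and the property value into a sandbox for closer analysis, not a verdict on its own, since legitimate templates occasionally carry long or odd metadata.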
According to security experts, this custom malware has a number of capabilities including:
- Downloading and uploading files
- Deleting files
- Taking screenshots
- Terminating specific processes
- Executing commands
- Listing folder contents
- Enumerating processes and storage volumes
The malware steals victim information including IP address, hostname, and operating system details.
Security experts have published indicators of compromise (IOCs) that defenders can monitor to detect and block threats posed by the Dudell malware.