Sakula

Malware Profile Updated 3 months ago
Sakula is a remote access trojan (RAT) that gives its operator control of an infected Windows host. Analysed samples were delivered as .EXE files, and each carried both a 32-bit and a 64-bit DLL stored obfuscated in the executable's resource section, so a single sample can be deployed on either architecture. Traffic to its command-and-control (C2) servers is obfuscated with a single-byte XOR key, 0x56. A single-byte XOR is an encoding rather than encryption: an analyst with a packet capture can recover the key by trying all 256 values, and a known plaintext fragment (for example an HTTP request line) pins it down immediately.

Sakula was first described publicly by CrowdStrike in the blog post 'Sakula Reloaded', and Dell SecureWorks published a detailed analysis in 'Sakula Malware Family'. While investigating a different sample for Fidelis Threat Advisory (FTA) #1020, analysts observed characteristics that diverged from the documented Sakula behaviour; most visibly, that sample was delivered as a .DLL rather than an .EXE. On the strength of those differences the sample was tracked as a separate family and named Hi-Zor. The split illustrates why new samples need full analysis before being filed under an existing family: a variant can differ materially from previously documented versions.
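The single-byte XOR obfuscation described above is worth seeing in working code. The following Python is an added example written for this page; it is not Sakula's own code and is not taken from the CrowdStrike, Dell SecureWorks or Fidelis write-ups. It decodes a captured buffer with the reported key 0x56 and shows how that key is recovered from a capture with no prior knowledge. The beacon bytes are constructed for illustration, and the assumption that the C2 channel carries HTTP (so that `HTTP/1.` serves as a crib) is the example's own, not a fact stated on this page.

```python
"""Single-byte XOR decoder and key recovery for Sakula-style C2 traffic.

Added example for this profile page; not Sakula's own code. The beacon
below is constructed for illustration. The key 0x56 is the value reported
for Sakula; the HTTP crib is an assumption of this example.
"""
import string
from typing import List, Optional, Tuple

SAKULA_XOR_KEY = 0x56  # single-byte key reported for Sakula C2 traffic


def xor_single_byte(data: bytes, key: int) -> bytes:
    """XOR every byte of `data` with `key`.

    XOR is its own inverse, so the same call encodes a plaintext beacon
    and decodes captured traffic.
    """
    if not 0 <= key <= 0xFF:
        raise ValueError("key must fit in one byte")
    return bytes(b ^ key for b in data)


_PRINTABLE = frozenset(string.printable.encode())


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII (whitespace included)."""
    if not data:
        return 0.0
    return sum(b in _PRINTABLE for b in data) / len(data)


def recover_key(captured: bytes, crib: bytes = b"HTTP/1.") -> Optional[int]:
    """Brute-force all 256 single-byte keys; accept the first key whose
    decoded buffer contains `crib` (assumed: the C2 channel is HTTP).

    Printable ratio alone is not decisive: keys that differ from the true
    key only in the low bits (0x57, 0x50, 0x51 for this beacon) also turn
    the buffer into fully printable text, so a crib or manual inspection
    is needed to pick the right one.
    """
    for key in range(256):
        if crib in xor_single_byte(captured, key):
            return key
    return None


def rank_keys_by_printability(captured: bytes, top: int = 8) -> List[Tuple[int, float]]:
    """Fallback when no crib is known: rank keys by printable ratio,
    best first, ties broken by key value. Expect several near-misses."""
    scored = [(key, printable_ratio(xor_single_byte(captured, key)))
              for key in range(256)]
    scored.sort(key=lambda kv: (-kv[1], kv[0]))
    return scored[:top]


# Constructed plaintext beacon (illustrative, not a real Sakula capture).
PLAINTEXT_BEACON = (
    b"GET /index.asp?id=4 HTTP/1.1\r\n"
    b"Host: 127.0.0.1\r\n"
    b"User-Agent: Mozilla/4.0\r\n\r\n"
)
# What would be seen on the wire: the beacon XORed with 0x56.
OBFUSCATED_BEACON = xor_single_byte(PLAINTEXT_BEACON, SAKULA_XOR_KEY)


if __name__ == "__main__":
    key = recover_key(OBFUSCATED_BEACON)
    print(f"recovered key: {key:#04x}")
    print(xor_single_byte(OBFUSCATED_BEACON, key).decode("ascii"))
    print("candidates by printability:", rank_keys_by_printability(OBFUSCATED_BEACON))
```

Run it as a script to see the decoded beacon and the ranked candidates. Note that the printability ranking places several keys at ratio 1.0 and orders them by key value, so 0x50 comes out ahead of the real key 0x56; that is exactly why the crib check, not the ratio, is what `recover_key` relies on.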
Miscellaneous Associations
Other elements of context that could aid in identifying relevance: RAT, malware
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Sakula malware was read from the document corpus below (display limited to 20 results).
Source    Created     Title
MITRE     a year ago  Introducing Hi-Zor RAT