BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)

BRATA (Brazilian Remote Access Tool, Android), is an evolving Android malware strain, detected in late 2018 and again in late 2021. Originating in Brazil, BRATA was later also found in the UK, Poland, Italy, Spain, and USA, where it is believed to have targeted financial institutions such as banks. There are currently three known variants of BRATA.(Citation: securelist_brata_0819)(Citation: cleafy_brata_0122)(Citation: mcafee_brata_0421)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Archive Collected Data - T1532 (e3b936a4-6321-4172-9114-038a866362ec)	Attack Pattern	1
Remote Access Software - T1663 (0b761f2b-197a-40f2-b100-8152cb957c0c)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	1
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Data Destruction - T1662 (9ef14445-6f35-4ed0-a042-5024f13a9242)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Exploitation for Initial Access - T1664 (6ecbc2eb-e85a-440a-ab68-4d98f8d56fbe)	Attack Pattern	1
Lockscreen Bypass - T1461 (dfe29258-ce59-421c-9dee-e85cb9fa90cd)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	1
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Transmitted Data Manipulation - T1641.001 (74e6003f-c7f4-4047-983b-708cc19b96b6)	Attack Pattern	1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	1
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69)	Attack Pattern	1
Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a)	Attack Pattern	1
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f)	Attack Pattern	User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08)	Attack Pattern	2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc)	Attack Pattern	Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	2
Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174)	Attack Pattern	Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	2
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d)	Attack Pattern	Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	2
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f)	Attack Pattern	2
Data Manipulation - T1641 (c548d8c4-a0a3-4a24-bb79-2a84abbc7b36)	Attack Pattern	Transmitted Data Manipulation - T1641.001 (74e6003f-c7f4-4047-983b-708cc19b96b6)	Attack Pattern	2
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	2
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	2
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2)	Attack Pattern	Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e)	Attack Pattern	2
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47)	Attack Pattern	Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	2
Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780)	Attack Pattern	Execution Guardrails - T1627 (498e7b81-238d-404c-aa5e-332904d63286)	Attack Pattern	2