Skip to content

Hide Navigation Hide TOC

BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)

BRATA (Brazilian Remote Access Tool, Android), is an evolving Android malware strain, detected in late 2018 and again in late 2021. Originating in Brazil, BRATA was later also found in the UK, Poland, Italy, Spain, and USA, where it is believed to have targeted financial institutions such as banks. There are currently three known variants of BRATA.(Citation: securelist_brata_0819)(Citation: cleafy_brata_0122)(Citation: mcafee_brata_0421)

Cluster A Galaxy A Cluster B Galaxy B Level
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) Attack Pattern 1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware Archive Collected Data - T1532 (e3b936a4-6321-4172-9114-038a866362ec) Attack Pattern 1
Remote Access Software - T1663 (0b761f2b-197a-40f2-b100-8152cb957c0c) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 1
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
Data Destruction - T1662 (9ef14445-6f35-4ed0-a042-5024f13a9242) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware Exploitation for Initial Access - T1664 (6ecbc2eb-e85a-440a-ab68-4d98f8d56fbe) Attack Pattern 1
Lockscreen Bypass - T1461 (dfe29258-ce59-421c-9dee-e85cb9fa90cd) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3) Attack Pattern 1
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware Transmitted Data Manipulation - T1641.001 (74e6003f-c7f4-4047-983b-708cc19b96b6) Attack Pattern 1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern 1
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern 1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69) Attack Pattern 1
Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780) Attack Pattern BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware 1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4) Malware Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern 1
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08) Attack Pattern 2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 2
Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174) Attack Pattern Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern 2
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) Attack Pattern Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3) Attack Pattern 2
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) Attack Pattern Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f) Attack Pattern 2
Data Manipulation - T1641 (c548d8c4-a0a3-4a24-bb79-2a84abbc7b36) Attack Pattern Transmitted Data Manipulation - T1641.001 (74e6003f-c7f4-4047-983b-708cc19b96b6) Attack Pattern 2
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern 2
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern 2
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e) Attack Pattern 2
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) Attack Pattern Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern 2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern 2
Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780) Attack Pattern Execution Guardrails - T1627 (498e7b81-238d-404c-aa5e-332904d63286) Attack Pattern 2