BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)

BRATA (Brazilian Remote Access Tool, Android), is an evolving Android malware strain, detected in late 2018 and again in late 2021. Originating in Brazil, BRATA was later also found in the UK, Poland, Italy, Spain, and USA, where it is believed to have targeted financial institutions such as banks. There are currently three known variants of BRATA.(Citation: securelist_brata_0819)(Citation: cleafy_brata_0122)(Citation: mcafee_brata_0421)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Exploitation for Initial Access - T1664 (6ecbc2eb-e85a-440a-ab68-4d98f8d56fbe)	Attack Pattern	1
Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Transmitted Data Manipulation - T1641.001 (74e6003f-c7f4-4047-983b-708cc19b96b6)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Archive Collected Data - T1532 (e3b936a4-6321-4172-9114-038a866362ec)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Remote Access Software - T1663 (0b761f2b-197a-40f2-b100-8152cb957c0c)	Attack Pattern	1
Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Data Destruction - T1662 (9ef14445-6f35-4ed0-a042-5024f13a9242)	Attack Pattern	1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Lockscreen Bypass - T1461 (dfe29258-ce59-421c-9dee-e85cb9fa90cd)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62)	Attack Pattern	1
Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47)	Attack Pattern	Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	2
Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f)	Attack Pattern	System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	2
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	2
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	2
Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d)	Attack Pattern	2
Data Manipulation - T1641 (c548d8c4-a0a3-4a24-bb79-2a84abbc7b36)	Attack Pattern	Transmitted Data Manipulation - T1641.001 (74e6003f-c7f4-4047-983b-708cc19b96b6)	Attack Pattern	2
Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e)	Attack Pattern	Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2)	Attack Pattern	2
Execution Guardrails - T1627 (498e7b81-238d-404c-aa5e-332904d63286)	Attack Pattern	Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780)	Attack Pattern	2
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc)	Attack Pattern	Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	2
Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174)	Attack Pattern	2
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f)	Attack Pattern	User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08)	Attack Pattern	2