BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)

BRATA (Brazilian Remote Access Tool, Android), is an evolving Android malware strain, detected in late 2018 and again in late 2021. Originating in Brazil, BRATA was later also found in the UK, Poland, Italy, Spain, and USA, where it is believed to have targeted financial institutions such as banks. There are currently three known variants of BRATA.(Citation: securelist_brata_0819)(Citation: cleafy_brata_0122)(Citation: mcafee_brata_0421)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Archive Collected Data - T1532 (e3b936a4-6321-4172-9114-038a866362ec)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Remote Access Software - T1663 (0b761f2b-197a-40f2-b100-8152cb957c0c)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Lockscreen Bypass - T1461 (dfe29258-ce59-421c-9dee-e85cb9fa90cd)	Attack Pattern	1
Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Exploitation for Initial Access - T1664 (6ecbc2eb-e85a-440a-ab68-4d98f8d56fbe)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Input Injection - T1516 (d1f1337e-aea7-454c-86bd-482a98ffaf62)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47)	Attack Pattern	1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Call Control - T1616 (351ddf79-2d3a-41b4-9bef-82ea5d3ccd69)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Transmitted Data Manipulation - T1641.001 (74e6003f-c7f4-4047-983b-708cc19b96b6)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e)	Attack Pattern	1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc)	Attack Pattern	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a)	Attack Pattern	BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	1
BRATA - S1094 (5aff44ab-5a41-49bb-b5d1-b4876d0437f4)	Malware	Data Destruction - T1662 (9ef14445-6f35-4ed0-a042-5024f13a9242)	Attack Pattern	1
Software Packing - T1406.002 (51636761-2e35-44bf-9e56-e337adf97174)	Attack Pattern	Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc)	Attack Pattern	Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	2
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f)	Attack Pattern	2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47)	Attack Pattern	2
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	2
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d)	Attack Pattern	Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	2
Transmitted Data Manipulation - T1641.001 (74e6003f-c7f4-4047-983b-708cc19b96b6)	Attack Pattern	Data Manipulation - T1641 (c548d8c4-a0a3-4a24-bb79-2a84abbc7b36)	Attack Pattern	2
Execution Guardrails - T1627 (498e7b81-238d-404c-aa5e-332904d63286)	Attack Pattern	Geofencing - T1627.001 (e422b6fa-4739-46b9-992e-82f1b350c780)	Attack Pattern	2
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2)	Attack Pattern	Security Software Discovery - T1418.001 (1d44f529-6fe6-489f-8a01-6261ac43f05e)	Attack Pattern	2
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	2
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	2
User Evasion - T1628.002 (24a77e53-0751-46fc-b207-99378fb35c08)	Attack Pattern	Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f)	Attack Pattern	2