brata | 2c7bbb1db25f9fc43adeb5a0ef921868232f6e082aa587a8c014c79387c0a2eb | Triage

Submit
Reports

Overview

overview

Static

static

6

27e0ec79db...f8.apk

android-13-x64

27e0ec79db...f8.apk

android-9-x86

Sharing

General

Target

27e0ec79dbb7c7f99b43c8c01a94188d1071d1245b1745d0e066ae774c78a8f8.zip
Size

3.1MB
Sample

240402-t6bmrsfd8y
MD5

60a28d978b3e60f12f266c325580d580
SHA1

adb37a4aec78276abe2624e7c2b4a9a2418dff17
SHA256

2c7bbb1db25f9fc43adeb5a0ef921868232f6e082aa587a8c014c79387c0a2eb
SHA512

679460f35877305042914cb645c81659dedb4d78431f25ad7cadca26b53c29230705e05351bcb65b6a8e2f1555207d5ddbcd109837e935abe18c2a28adf04429
SSDEEP

49152:Wv2m1/xiuke6nZHS2hs6yKaGJzR7aZNZnaRMezkRQPYVE22Htp7cJra4MSEOWMqt:Wn/x4zLaGJzFE3naKeQm4QNIKSEOW1SY

Score

10^/10

brata irata android banker collection evasion infostealer persistence rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

27e0ec79dbb7c7f99b43c8c01a94188d1071d1245b1745d0e066ae774c78a8f8.apk

Resource

android-33-x64-arm64-20240229-en

brata irata banker evasion infostealer rat trojan

android-13-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

27e0ec79dbb7c7f99b43c8c01a94188d1071d1245b1745d0e066ae774c78a8f8.apk

Resource

android-x86-arm-20240221-en

brata irata banker collection evasion infostealer persistence rat trojan

android-9-x86

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  27e0ec79dbb7c7f99b43c8c01a94188d1071d1245b1745d0e066ae774c78a8f8.apk
- Size
  
  3.1MB
- MD5
  
  aa294efd44594b64eb93904dbb3c7a2c
- SHA1
  
  91639afbface1289c1f35ed1e822843ad75514a7
- SHA256
  
  27e0ec79dbb7c7f99b43c8c01a94188d1071d1245b1745d0e066ae774c78a8f8
- SHA512
  
  659ed5447cc8b6b79c162464e941547b63702f9387ec4b2ae01a4bea1c522ee2a66327fae35c98ea962b46feaba9ba7c8af74acb68b0f4ba90900e936f0ee43c
- SSDEEP
  
  98304:1eVM3OTHHj0B8GJPl1LUV9dcKUQA1QgfJRbdpA52:sVM3OvGdLMdXUb1QMRhp02
Score

10^/10

brata irata banker evasion infostealer rat trojan collection persistence
- Brata
  Brata is a banking trojan malware first seen in 2019.
  banker trojan infostealer rat brata
- Brata payload
- Irata
  Irata is an Iranian remote access trojan Android malware first seen in August 2022.
  trojan infostealer rat irata
- Irata payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Acquires the wake lock
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bratairatabankerevasioninfostealerrattrojan

behavioral2

bratairatabankercollectionevasioninfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy