brata | 2c7bbb1db25f9fc43adeb5a0ef921868232f6e082aa587a8c014c79387c0a2eb | Triage

Submit
Reports

Overview

overview

Static

static

6

27e0ec79db...f8.apk

android-13-x64

27e0ec79db...f8.apk

android-9-x86

Sharing

General

Target

27e0ec79dbb7c7f99b43c8c01a94188d1071d1245b1745d0e066ae774c78a8f8.zip
Size

3.1MB
Sample

240402-t6bmrsfd8y
MD5

60a28d978b3e60f12f266c325580d580
SHA1

adb37a4aec78276abe2624e7c2b4a9a2418dff17
SHA256

2c7bbb1db25f9fc43adeb5a0ef921868232f6e082aa587a8c014c79387c0a2eb
SHA512

679460f35877305042914cb645c81659dedb4d78431f25ad7cadca26b53c29230705e05351bcb65b6a8e2f1555207d5ddbcd109837e935abe18c2a28adf04429
SSDEEP

49152:Wv2m1/xiuke6nZHS2hs6yKaGJzR7aZNZnaRMezkRQPYVE22Htp7cJra4MSEOWMqt:Wn/x4zLaGJzFE3naKeQm4QNIKSEOW1SY

Score

10^/10

brata irata android banker collection evasion infostealer persistence rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

27e0ec79dbb7c7f99b43c8c01a94188d1071d1245b1745d0e066ae774c78a8f8.apk

Resource

android-33-x64-arm64-20240229-en

brata irata banker evasion infostealer rat trojan

android-13-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

27e0ec79dbb7c7f99b43c8c01a94188d1071d1245b1745d0e066ae774c78a8f8.apk

Resource

android-x86-arm-20240221-en

brata irata banker collection evasion infostealer persistence rat trojan

android-9-x86

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  27e0ec79dbb7c7f99b43c8c01a94188d1071d1245b1745d0e066ae774c78a8f8.apk
- Size
  
  3.1MB
- MD5
  
  aa294efd44594b64eb93904dbb3c7a2c
- SHA1
  
  91639afbface1289c1f35ed1e822843ad75514a7
- SHA256
  
  27e0ec79dbb7c7f99b43c8c01a94188d1071d1245b1745d0e066ae774c78a8f8
- SHA512
  
  659ed5447cc8b6b79c162464e941547b63702f9387ec4b2ae01a4bea1c522ee2a66327fae35c98ea962b46feaba9ba7c8af74acb68b0f4ba90900e936f0ee43c
- SSDEEP
  
  98304:1eVM3OTHHj0B8GJPl1LUV9dcKUQA1QgfJRbdpA52:sVM3OvGdLMdXUb1QMRhp02
Score

10^/10

brata irata banker evasion infostealer rat trojan collection persistence
- Brata
  Brata is a banking trojan malware first seen in 2019.
  banker trojan infostealer rat brata
- Brata payload
- Irata
  Irata is an Iranian remote access trojan Android malware first seen in August 2022.
  trojan infostealer rat irata
- Irata payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Acquires the wake lock
behavioral1 behavioral2

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Input Injection

Credential Access

Discovery

Lateral Movement

Collection

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

bratairatabankerevasioninfostealerrattrojan

behavioral2

bratairatabankercollectionevasioninfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy