January 26, 2022
Severity
Medium
Analysis Summary
BRATA is an Android malware family equipped with the ability to perform a factory reset on infected devices and to run GPS tracking on them. BRATA first became known for spying on Brazilian users, hence the name Brazilian RAT Android (BRATA). Both unofficial Android app stores and the Google Play Store have been used to deliver these RATs.
Figure: common BRATA app icons (image credit: Cleafy)
From turning off the victim’s device, to unlocking it, to stealthily running tasks in the background, BRATA can do it all. Other capabilities include:
- Using multiple communication channels (TCP and HTTP) to keep persistent communication between the C2 server and the infected device,
- Monitoring the victim’s banking application through keylogging techniques and VNC.
There are three versions of BRATA: BRATA.A, BRATA.B, and BRATA.C. BRATA.A has been the most frequently used in the past few months and is the one used to carry out the factory reset and GPS tracking attacks. BRATA.B uses partial code obfuscation and tailored overlay pages to steal PINs, i.e. security numbers. BRATA.C is deployed at a later stage to execute the malicious apps.
Impact
- Information Theft
- Credential Theft
- Remote Code Execution
Indicators of Compromise
IP
- 5[.]39[.]217[.]241
MD5
- 220ec1e3effb6f4a4a3acb6b3b3d2e90
- e664bd7951d45d0a33529913cfbcbac0
SHA-256
- e769ef0d011cbf3322c9e85d4cdf70af413f021d033aed884c1431f2b7861d0d
- 648a5a705bbe88e52569b3774a689a82f53962e8827b143189639d48727bd159
SHA-1
- c429857766ae7fca8e65e15ad9b1fa691e0b8de7
- 78352fdc93b392191384b7eb7ded00a4f3347ba2
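The indicators above are only useful once they are matched against something. The following script is an added example and is not part of the Rewterz advisory: it takes the defanged indicators exactly as listed, refangs and normalizes them, hashes files on disk (for example APKs pulled from a device or a mail gateway) with MD5, SHA-1 and SHA-256 in a single pass, and scans proxy log lines for contact with the listed C2 address. The proxy log lines embedded in the script are constructed for the demonstration; the log format, the `scan_directory` helper and the function names are assumptions, not anything the advisory describes.

```python
import hashlib
import re
import sys
from pathlib import Path

# Indicators as listed in the advisory above, kept in defanged form.
BRATA_IOCS = {
    "ip": ["5[.]39[.]217[.]241"],
    "md5": [
        "220ec1e3effb6f4a4a3acb6b3b3d2e90",
        "e664bd7951d45d0a33529913cfbcbac0",
    ],
    "sha256": [
        "e769ef0d011cbf3322c9e85d4cdf70af413f021d033aed884c1431f2b7861d0d",
        "648a5a705bbe88e52569b3774a689a82f53962e8827b143189639d48727bd159",
    ],
    "sha1": [
        "c429857766ae7fca8e65e15ad9b1fa691e0b8de7",
        "78352fdc93b392191384b7eb7ded00a4f3347ba2",
    ],
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(indicator: str) -> str:
    """Turn a defanged indicator (5[.]39[.]217[.]241, hxxp://...) back into its live form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def normalize_iocs(iocs: dict) -> dict:
    """Refang and lower-case every indicator so lookups are exact set membership."""
    return {kind: {refang(v).strip().lower() for v in values} for kind, values in iocs.items()}


def hash_file(path: Path) -> dict:
    """Compute MD5, SHA-1 and SHA-256 of a file in one pass (APKs can be large)."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {kind: d.hexdigest() for kind, d in digests.items()}


def find_hash_matches(file_hashes: dict, iocs: dict) -> list:
    """Return [(hash_kind, digest)] for every digest of a file that appears in the IoC set."""
    hits = []
    for kind in ("md5", "sha1", "sha256"):
        digest = file_hashes.get(kind, "").lower()
        if digest and digest in iocs.get(kind, set()):
            hits.append((kind, digest))
    return hits


def find_ip_matches(log_lines, iocs: dict) -> list:
    """Return [(line_number, ip)] for every IPv4 address in the lines that is a listed C2 IP."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        for ip in IPV4_RE.findall(line):
            if ip in iocs.get("ip", set()):
                hits.append((lineno, ip))
    return hits


def scan_directory(root: Path, iocs: dict) -> list:
    """Hash every regular file under root and report those matching a listed sample hash."""
    findings = []
    for path in root.rglob("*"):
        if path.is_file():
            for kind, digest in find_hash_matches(hash_file(path), iocs):
                findings.append((str(path), kind, digest))
    return findings


# Constructed sample proxy log (not from the advisory): two lines reach the listed C2 IP.
SAMPLE_LOG = [
    "2022-01-26T10:02:11Z proxy src=10.0.0.23 dst=5.39.217.241 dport=80 bytes=1820",
    "2022-01-26T10:02:13Z proxy src=10.0.0.23 dst=203.0.113.10 dport=443 bytes=3411",
    "2022-01-26T10:02:15Z proxy src=10.0.0.42 dst=5.39.217.241 dport=443 bytes=96",
]

if __name__ == "__main__":
    iocs = normalize_iocs(BRATA_IOCS)
    for lineno, ip in find_ip_matches(SAMPLE_LOG, iocs):
        print(f"C2 contact on log line {lineno}: {ip}")
    # Optional: pass a directory of collected APKs/files to check them against the sample hashes.
    if len(sys.argv) > 1:
        for path, kind, digest in scan_directory(Path(sys.argv[1]), iocs):
            print(f"BRATA sample hash match: {path} ({kind}={digest})")
```

Run it without arguments to see the C2 matches from the constructed log, or with a directory path to hash and check its files. Hash matching only catches the two samples listed here, so treat it as a confirmation check rather than a detection strategy; the network indicator is the more durable one, and a hit on it from a mobile device is worth a look at that device's installed apps and permissions.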
Remediation
- Be wary of installing Android applications simply because they are available on an app store.
- Download only from trusted websites and look for the vendor’s official web pages.
- Do not click on suspicious links received via email or texts.
- Be vigilant when downloading new applications. Analyze the reviews and look for fake reviews. Also, check the vendor information and the permissions requested by the app.