Skip to content

Hide Navigation Hide TOC

Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075)

SHINRA ransomware is a variant of the Proton ransomware family, known for its malicious activities involving data encryption and demanding a ransom for data decryption.

After encrypting files, the ransomware renames them with a sequence of random characters and appends the ".SHINRA3" extension to the filenames.

It is worth noting that this ransomware uses AES and ECC encryption algorithms to lock files on the victim's computer. Following the encryption, it creates a ransom note named "SHINRA-Recovery.txt."

There are not many details about its operation or methods of infecting its victims, but after encryption, the victim needs to send an email regarding recovery to the addresses provided, including their ID as generated by the ransomware:

Qq.decrypt@gmail.com Qq.encrypt@gmail.com ethan@fastmsg.info

The ransomware also changes the victim's wallpaper, displaying the need to send the data and contact the threat actor.

Cluster A Galaxy A Cluster B Galaxy B Level
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware 1
Scripting - T1064 (7fd87010-3a00-4da3-b905-410525e8ec44) Attack Pattern Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern 1
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 1
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 1
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware 1
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 1
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) Ransomware 1
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2