
Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075)

SHINRA ransomware is a variant of the Proton ransomware family. It encrypts the victim's data and demands a ransom in exchange for decryption.

After encrypting files, the ransomware renames them with a sequence of random characters and appends the ".SHINRA3" extension to the filenames.

This ransomware uses the AES and ECC encryption algorithms to lock files on the victim's computer. Following the encryption, it creates a ransom note named "SHINRA-Recovery.txt".

Few details are available about its operation or the methods it uses to infect victims. After encryption, the ransom note instructs the victim to send an email regarding recovery to the addresses provided, including the ID generated by the ransomware:

Qq.decrypt@gmail.com Qq.encrypt@gmail.com ethan@fastmsg.info

The ransomware also changes the victim's wallpaper, displaying a message telling the victim to send the data and contact the threat actor.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Scripting - T1064 (7fd87010-3a00-4da3-b905-410525e8ec44) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) | Attack Pattern | Shinra (8ed2354e-82ba-4338-a07c-8e3f073cc075) | Ransomware | 1 |
| Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) | Attack Pattern | Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | 2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) | Attack Pattern | 2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 2 |
| Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) | Attack Pattern | Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | 2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) | Attack Pattern | 2 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | 2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | 2 |
| Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) | Attack Pattern | Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | 2 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) | Attack Pattern | 2 |