Inside Gunra RaaS: From Affiliate Recruitment on the Dark Web to Full Technical Dissection of their Locker

**Executive Summary:** CloudSEK researchers uncovered and analyzed Gunra, a professional Ransomware-as-a-Service (RaaS) with a newly launched affiliate program; through HUMINT they obtained management-panel credentials and a live sample and produced a detailed static and dynamic analysis, IOCs (file hashes, .ENCRT extension, R3ADM3.txt, Tor payment portal), MITRE ATT&CK mappings, and actionable mitigation recommendations.