otx.alienvault.com Open in urlscan Pro
13.225.78.74  Public Scan

URL: https://otx.alienvault.com/pulse/64c758c63950354876440c0f
Submission: On July 31 via api from DE — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

×
Loading...
   
 * Browse
 * Scan Endpoints
 * Create Pulse
 * Submit Sample
 * API Integration
   
   
 * Login | Sign Up
   

All
   
 * Login | Sign Up
   
 * 
   

Share
Actions
Subscribers (21)
Suggest Edit
Clone
Embed
Download
Report Spam



BIG HEAD RANSOMWARE

   
 * Created 3 hours ago by akhanafeer
 * Public
 * TLP: White

Big Head is a ransomware family that has gained attention in recent months. It
is not considered a sophisticated strain, with standard encryption methods and
easy-to-detect evasion techniques. The creators of Big Head are continuously
developing and refining the malware, experimenting with different approaches.
The malware can steal various types of data, including browsing history,
directories, drivers, and screenshots. It terminates certain processes to
prevent interference with the encryption process. The encrypted files are marked
with a ".rec_rans" extension, and a ransom note called
"HOW_TO_RECOVERY_FILES.txt" is left on compromised systems. Big Head is
currently spreading through malvertising campaigns that trick users into
installing fraudulent Windows updates and Microsoft Word installers. One variant
of Big Head displays a fake Windows Update screen during the encryption process.

Tags:
worldwind, trojanspy
Malware Families:
WorldWind , TrojanSpy , big head

Endpoint Security
Scan your endpoints for IOCs from this Pulse!
Learn more
 * Indicators of Compromise (77)
 * Related Pulses (28)
 * Comments (0)
 * History (0)

FileHash-MD5 (21)FileHash-SHA256 (35)FileHash-SHA1 (21)

TYPES OF INDICATORS

Show
10 25 50 100
entries
Search:

type

indicator

Role

title

Added

Active

related Pulses

FileHash-SHA256ff900b9224fde97889d37b81855a976cddf64be50af280e04ce53c587d978840Ransom:MSIL/Ryzerlo.AJul
31, 2023, 6:46:31
AM13FileHash-SHA256f6a2ec226c84762458d53f5536f0a19e34b2a9b03d574ae78e89098af20bcaa3Jul
31, 2023, 6:46:31
AM13FileHash-SHA256f59c45b71eb62326d74e83a87f821603bf277465863bfc9c1dcb38a97b0b359dJul
31, 2023, 6:46:31
AM14FileHash-SHA256f354148b5f0eab5af22e8152438468ae8976db84c65415d3f4a469b35e31710fRansom:MSIL/Ryzerlo.AJul
31, 2023, 6:46:31
AM12FileHash-SHA256dcfa0fca8c1dd710b4f40784d286c39e5d07b87700bdc87a48659c0426ec6cb6Jul
31, 2023, 6:46:31
AM14FileHash-SHA256cf9410565f8a06af92d65e118bd2dbaeb146d7e51de2c35ba84b47cfa8e4f53bJul
31, 2023, 6:46:31
AM13FileHash-SHA256be6416218e2b1a879e33e0517bcacaefccab6ad2f511de07eebd88821027f92dJul
31, 2023, 6:46:31
AM12FileHash-SHA256bcf8464d042171d7ecaada848b5403b6a810a91f7fd8f298b611e94fa7250463Jul
31, 2023, 6:46:31
AM14FileHash-SHA256b8e456861a5fb452bcf08d7b37277972a4a06b0a928d57c5ec30afa101d77eadRansom:MSIL/Ryzerlo.AJul
31, 2023, 6:46:31
AM13FileHash-SHA2569c1c527a826d16419009a1b7797ed20990b9a04344da9c32deea00378a6eeee2Jul
31, 2023, 6:46:31 AM13

SHOWING 1 TO 10 OF 77 ENTRIES
1
2
3
4
5
...
8
Next


COMMENTS

You must be logged in to leave a comment.

Refresh Comments

 * © Copyright 2023 AlienVault, Inc.
   
 * Legal
   
 * Status