Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	@zbetcheckin	2022-01-25	1'866
2	@abuse_ch	2022-01-25	1'356
3	@Cryptolaemus1	2022-01-25	372
4	@r3dbU7z	2022-01-24	335
5	@GovCERT_CH	2022-01-25	279
6	@tolisec	2022-01-25	219
7	@cocaman	2022-01-25	218
8	@JAMESWT_MHT	2022-01-24	169
9	@SecuriteInfoCom	2022-01-24	132
10	@pr0xylife	2022-01-24	105
11	@lowmal3	2022-01-24	97
12	@TeamDreier	2022-01-24	85
13	@malwarelabnet	2022-01-24	67
14	@James_inthe_box	2022-01-24	66
15	@madjack_red	2022-01-24	56

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
1'104	pe_imphash		2022-01-25
1'104	Skystars_Malware_Imphash	Skystars LightDefender	2022-01-25
758	unixredflags3	Tim Brown @timb_machine	2022-01-25
705	linux_generic_ipv6_catcher	@_lubiedo	2022-01-25
605	BitcoinAddress	Didier Stevens (@DidierStevens)	2022-01-24
488	Excel_Hidden_Macro_Sheet		2022-01-24
485	SUSP_Excel4Macro_AutoOpen	John Lambert @JohnLaTwC	2022-01-24
281	Qbot	Dhanunjaya	2022-01-24
257	MALW_emotet	Marc Rivero \| McAfee ATR Team	2022-01-24
231	MALWARE_Win_RedLine	ditekSHen	2022-01-25
189	SUSP_XORed_Mozilla	Florian Roth	2022-01-25
189	SUSP_XORed_Mozilla_RID2DB4	Florian Roth	2022-01-25
179	enterpriseapps2	Tim Brown @timb_machine	2022-01-24
165	MALWARE_Win_AgentTeslaV3	ditekSHen	2022-01-24
163	ach_AgentTesla_20200929	abuse.ch	2022-01-24

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
642	677e96c45b7d459b90128c62cea326921fd521e88bfe6b4cd0ebdeb4d099dd21	xls	Heodo	@TeamDreier
587	94d896ef290e49071db37de97179eab015471ba6e4e007b39b7755045283c455	rar	Formbook	@TeamDreier
582	cf14954bed171f8ef80867075b0270de01a7afbfdeeaefe720a4136652bcbccc	xls	Heodo	@TeamDreier
576	c50ff73171a44b630603da4098f2807aaba93b2d3ee5dcf6f50fae6357e46c5d	xls	Heodo	@TeamDreier
575	3ee83f37586c2ff9351441551fdab1a50b7e2993d13ab30ae2c7a8628951ba96	rar	CryptBot	@iam_py_test
565	4e568efe3b7b6208a1948ac631958eafd202908b13cc2da77753ae93271e4bd3	xls	Heodo	@TeamDreier
563	e33811b4dab432d10d50a8357ec88ab255590ac412e6a386ae3cee55c40df20e	xls	Heodo	@TeamDreier
561	7bd1caac9273f146c98bf66f7e1c2194e1aa3076a3a1676e8a5cd18739457e08	xls	Heodo	@TeamDreier
560	6486f4730c2041aa4e8c96ecc214d10c1b014e958e85d01c2da7934b984fb42e	xls	Heodo	@TeamDreier
559	9ae234d53391aaabe67979636eb96396d92a3efc10efae792c2702488f221b22	xls	Heodo	@TeamDreier
558	43c9f9efaf6856547f4d99c31ac8d78dbed381cfd09826b6a1b08efc9b261397	xls	Heodo	@TeamDreier
555	65e756cc7cbb530ce22eb343803aad4ce6d6c356dc6db4aa0db139e71485803e	xls	Heodo	@TeamDreier
554	b7a9d981f8642bb827622a36da2d8dee83c2505c525891d7a897e73b6c4c32e8	gz		@c0r3dump3d11
551	cbbeb47f7b0343ffabb173ed0dbb38ae17477129c5dce9bf866814a4f42e3389	xls	Heodo	@TeamDreier
550	1aae4a0ee3da930c656e21a78157065ee57337828611b33ee39ca924e8c8ccfe	zip		@r3dbU7z

CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
962	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook Loki RedLineStealer
212	099c0646ea7282d232219f8807883be0	Formbook Loki AgentTesla SnakeKeylogger
58	6d1d8c8ae132591dccaaeee10258dcba	Heodo
54	3773ad24a3d7afbf38a113a01a5bf2a6	Heodo
54	90add561a8bf6976696c056c199a41b8	Heodo
53	f30f2b5b65c947eccbf132b668fe3257	BazaLoader IcedID
50	edc5bede1d4d23eae237013f09324b61	Heodo
43	c284fa365c4442728ac859c0f9ed4dc5	RedLineStealer CoinMiner RaccoonStealer CoinMiner.XMRig
41	d7550206da3051d1cc941927ae3a1f09	Heodo
40	db30434b523187bc6920e9d2dfeaaf26	Heodo

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
116	3072:4Rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAlhEvN8B/W6X1yxYovrepMUdQ6gSz4iq:Qk3hbdlylKsgqopeJBWhZFVE+W2NdAli	Heodo SilentBuilder
73	1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr	Heodo SilentBuilder
58	3072:Wuk3hbdlylKsgqopeJBWhZFGkE+cL2NdAxEvN8B/W6X1yxYovrepMUdQ6gSz4i:Fk3hbdlylKsgqopeJBWhZFVE+W2NdAmv	SilentBuilder Heodo
17	3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK	Heodo SilentBuilder
12	3072:yW+nBqmsk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIXxe53lGvFTQ3IzxgdrvxpU0S:t+nBqmsk3hbdlylKsgqopeJBWhZFVE+S	Heodo SilentBuilder
12	1536:5lNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAfNzMk95+ooipzMk9o+oo:5Hk3hbdlylKsgqopeJBWhZFGkE+cL2NU	SilentBuilder Heodo
11	3072:+5+nBqm9k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIMEvN8B/W6X1yxYovrepMUdQm:i+nBqm9k3hbdlylKsgqopeJBWhZFVE+g	Heodo SilentBuilder
9	3072:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgtlyVEdBU6hubsll6UQjvxO:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgjv	SilentBuilder Heodo
9	3072:yKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgQCyVEdBU6hubsll6UQjvxm:yKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgbr	SilentBuilder
9	3072:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgtlyVEdBU6hubsll6UQjvxq:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgjT	SilentBuilder Heodo

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
261	71b119dcce576333	241 x Heodo
158	79756cecb29999b9	157 x Heodo, 1 x BazaLoader
156	b2a89c96a2cada72	57 x Formbook, 53 x Loki, 22 x AgentTesla
60	108480c0e6606008	47 x Heodo
58	a498afacb7b0a882	58 x Heodo
44	fcfcb4b4b494d9c1	31 x RedLineStealer, 4 x Smoke Loader, 3 x ArkeiStealer
31	02172236860f3333	31 x Heodo
29	fcfcb4b4b4d4d9c1	20 x RedLineStealer, 4 x RaccoonStealer, 2 x ArkeiStealer
27	9494b494d4aeaeac	9 x DCRat, 2 x RedLineStealer, 1 x AsyncRAT
26	1efef2c2e4a0e0e0	15 x AgentTesla, 3 x Formbook, 2 x Loki