Statistics

Top Reporters Signatures (Malware Family) Most downloaded Malware Samples Most discussed Malware Samples Most used tags Clamav signature ReversingLabs CAPE Sandbox CERT.PL MWDB File Types imphashes ssdeep

Number of submissions (past 30 days)

The chart below documents the number of submissions (unique malware samples) to MalwareBazaar per day over a period of 30 days.


Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

RankReporterSubmissions
1Twitter @lazyactivist19269'705
2Twitter @abuse_ch53'815
3Twitter @Seifreed48'946
4Twitter @Cryptolaemus138'575
5Twitter @JAMESWT_MHT11'462
6Twitter @SecuriteInfoCom7'256
7Twitter @cocaman5'760
8Twitter @FORMALITYDE5'476
9Twitter @jarumlus5'257
10Twitter @James_inthe_box3'018
11Twitter @GovCERT_CH2'721
12Twitter @ov3rflow12'337
13Twitter @Jouliok1'931
14Twitter @malware_traffic1'529
15Twitter @raashidbhatt1'104

Top Malware Family

Most seen malware family (signature) associated with malware samples on MalwareBazaar.

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

DownloadsMalware SampleTypeSignatureReporter
71'96370ab26000929d26e0e4e567bd0dc4158054538485fcfd51dd4b60a534967814b lzhFirebirdRATTwitter @GovCERT_CH
2'499f0ad6a854cc6b8511c0499267c59c3e9a987845c912f3da030dd5a2201978385 shTwitter @ov3rflow1
2'415afb4b0092c76214b9ac99cf9c00ae56163916c04e7713bd56a38abf07a81a7d7 htmlTwitter @TheGing3rm4n
2'39902419de92a33a88bc17701008182ca9f7ea8d4645311b837b98738acdea83254 shTwitter @ov3rflow1
2'3895470f0644589685000154cb7d3f60280acb16e39ca961cce2c016078b303bc1bunknownTwitter @Threat_hunts
2'383455e09d22b9e9b172e5cf25a87f70c079bf97edc0295251a42f48211caf5043fVisual Basic Script (vbs) vbsTwitter @creP_R2point0
2'3807fad486d054e36626a9842c99b2ff58dbf9e264d8faf45b3376afa02f0e829a7 shTwitter @ov3rflow1
2'3790a1375c20684fb7bba86548825e2e16ce0ad34c21da4b562e8774df154aa8c67 cabTwitter @cocaman
2'37042f8b10e4051c44e24067701b80674ac907fb49435cbb300e6b3fd6902d3de27unknownTwitter @ov3rflow1
2'370c2577719ac323c385fdae61c336d5582472c2441ac1ec0699ec0948305ae8786 shTwitter @ov3rflow1
2'369b4e670799c0a241b69b231fd9a1d3c2e2a29b4d4d67c9bf746c01a6f19b0210d shTwitter @ov3rflow1
2'36837ed866abc19465aa2172d651bbd3ffe2836add54ba3065ff7189f1a75410d9funknownTwitter @Marco_Ramilli
2'36461043ee383ff19ba6d5e65e455dd8d1170f1f6365dfb9c9c0764171f519ceb55 shTwitter @ov3rflow1
2'363cf932ebbd2a2684dec9a823f2c223ef1666a18683dc342f45d71d99508624e88 shTwitter @ov3rflow1
2'360560393402e176329d8bf14ad5bef7ab8e1d079f62a569600bad6daba2ccd25e3 shTwitter @ov3rflow1

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

CommentsMalware SampleTypeSignature
1097bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259dExcel file xlsDridex
47277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859 7zHawkEye
3e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23Executable exeAgentTesla
3f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3 zip 
30994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550Executable exeTrickBot
3667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83Word file docPhobos
2251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379 zip 
24489591775f245687f693d6c2463835297e0908c9f7501e53567bc9369a73b91 zip 
29aa75631b7a56a84117e5aed0540fb74dfcde2c36d52744156381c9161603e28 zip 
23fdc7380613344c2b9458117b45028516709b68c2b3ed296ac688378a46caae6 zip 

Top Tags

Most seen tags associated with malware samples on MalwareBazaar.

Top ClamAV signature

Most seen ClamAV signature detecting malware samples on MalwareBazaar.

ReversingLabs

Top threat name matching malware samples on MalwareBazaar.

CAPE Sandbox

Top detection matching malware samples on MalwareBazaar.

CERT.PL MWDB

Top malware family on MalwareBazaar.

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware SampleimphashTop 4 Signatures
32'483f34d5f2d4577ed6d9ceec516c1f5a744AgentTesla Formbook njrat NanoCore
9'777c9f7e018b269f1b5fe81cf757d6f8e93Heodo
3'19387bed5a7cba00c7e1f4015f1bdae2183Netsky Rapid njrat VTFlooder
1'95850f8a2255c4baf188eb0098c86160f78Heodo
1'506015974618e9105226f001019d35e62e5Quakbot
1'434676f4bc1db7fb9f072b157186a10179eAveMariaRAT Riskware.Generic
1'3676a92ab663de3ecd4063c87695c1ffbc2Heodo TrickBot
1'362afcdf79be1557326c854b6e20cb900a7AgentTesla RemcosRAT NanoCore QuasarRAT
1'2400b23b9ad9f12b8fc28e61bff35382e32TrickBot
1'0143d95adbf13bbe79dc24dccb401c12091AgentTesla NanoCore Loki FormBook

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware SamplessdeepSignature(s)
1'12412288:J2+J+l5QvSoOUkQNPRoswLLjfsHJNF05s:AJl5QrrkQFCHspN4Quakbot
1'12312288:U2+J+l5QvSoOUkQGPRoswLLjfsHJNF05F:PJl5QrrkQOCHspN4Quakbot
1'12112288:l2+J+l5QvSoOUkQiPRoswLLjfsHJNF05h:8Jl5QrrkQaCHspN4Quakbot
3733072:IFNthWQl/rSJ7lvt9filcZritkrINAEYsm2:IBhWQ/mJLflrOAp2Gozi Heodo
30712288:xyP2Md2hn+tDKFtKwK5KLK6KYK5KlK3K1aoNl7Mv+lwVwy:grdO+tDKFQoNOmlTrickBot
180384:fnqmQF9b8PdvtUuiyaFwrEnO2/7vUU2aGcuFjqZ5g:yme9bodlpkqkOOjUdaGciq5gQuakbot
180384:PnqmQF9b8PdvtUuiyaFwrEnO2/7vUyV2aGcuFjqZUb:Cme9bodlpkqkOOjU/aGciqUbQuakbot
180384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUU2aGcuFjqZ5g:Sme9bodlpkqkOOjUdaGciq5gQuakbot
179384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUyV2aGcuFjqZUb:Sme9bodlpkqkOOjU/aGciqUbQuakbot
179384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUjqN2aGcuFjqZM:Sme9bodlpkqkOOjUjqgaGciqMQuakbot