Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.


Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

RankReporterLast activitySubmissions
1 zbetcheckin2024-04-271'146
2 abuse_ch2024-04-27616
3 SecuriteInfoCom2024-04-27454
4 cocaman2024-04-26179
5 lowmal32024-04-26118
6 elfdigest2024-04-25111
7 Bitsight2024-04-2787
8 NDA0NDA02024-04-2662
9 TeamDreier2024-04-2660
10 pmelson2024-04-2556
11 smica832024-04-2654
12 threatcat_ch2024-04-2553
13 fabiodemartin2024-04-2645
14 pr0xylife2024-04-2640
15 tildedennis2024-04-2437

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware SamplesYARA ruleAuthorLast match
834unixredflags3Tim Brown @timb_machine2024-04-27
689NETmalware-lu2024-04-27
641Skystars_Malware_ImphashSkystars LightDefender2024-04-27
641pe_imphashNone2024-04-27
636linux_generic_ipv6_catcher@_lubiedo2024-04-27
568DebuggerCheck__APINone2024-04-27
497NETexecutableMicrosoftmalware-lu2024-04-27
426Linux_Trojan_Gafgyt_28a2fe0cElastic Security2024-04-27
422maldoc_find_kernel32_base_method_1Didier Stevens (https://DidierStevens.com)2024-04-27
352setsockoptTim Brown @timb_machine2024-04-27
275maldoc_getEIP_method_1Didier Stevens (https://DidierStevens.com)2024-04-26
271INDICATOR_SUSPICIOUS_Binary_References_BrowsersditekSHen2024-04-26
259INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_ClientsditekSHen2024-04-26
250meth_get_eipWilli Ballenthin2024-04-26
244INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_StoreditekSHen2024-04-26

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

DownloadsMalware SampleTypeSignatureReporter
2'905001dc9607cd0bc84512d280d3531670ab506d343c8c95925cfceca29d8d0456eExcel file xlsxAgentTesla lowmal3
2'691ab6799b9abcfccd9d1813d07d83b325737221cf242126ad0918c2b84cc16c815Excel file xlsxAgentTesla abuse_ch
2'6540e35040df7f5f63ea95f4f53f75d01209223f4d0085553f0f62a86f874860a0cExcel file xlsx  cocaman
2'62521e858a5c9f9fc429019bc1e7e81191c3f70b4bfacc7275e44d8f09402442f80Excel file xlsx  abuse_ch
2'61036526ab0af0fdae50ab631a47b7c79389210408b47abd87f244b93aacaced06aWord file doc  smica83
2'58199924d37523de5cdf173f694f59253c45650681f629595a4078990b4ec5721d2Word file doc  abuse_ch
2'510a0c344097b361f848249cda8b87539627f640f84e2d06b305757d7e60183e636Word file doc Twitter Anonymous
2'503107665edcd9700b431867906b74021f481d9522afa8777e42163488e43b2061dExcel file xlsx  cocaman
2'502db12648ff3e7bd0b84b21f40151b31bf1481781b95d295bd697a42f3d832495dExcel file xlsm  smica83
2'4990eab45741c6d3abdb145b7c928d045dc77cf3def915d017abc388c2c38da8137Word file docRemcosRAT pr0xylife
2'45509251fe38ebaed5f4dc381ee06c811f5d78e6e65a60f51d6082d72e8772024ffWord file doc  smica83
2'36483e06c4428da65dce3d1e18b4dbb01e880ad508780b44ed3947acd6c2ec75220Word file doc  abuse_ch
2'3515c235e5cae22c77b759b197a0758357bdb7a2a6c92c0edf829132c50108c668aExcel file xlsxRemcosRAT abuse_ch
2'33191d1a7bce25a4a7af93f7183553b134dd6d2e9e1261f55239227cb9d1ce28c35Excel file xlsx  cocaman
2'3140c445a88a2ae89f725c80d65a2c50f66a35619467b0a6b6182e543c7e504b9ffWord file doc  abuse_ch

ANY.RUN ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

CAPE Sandbox CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

CommentsMalware SampleTypeSignature
1097bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259dExcel file xlsDridex
6d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77bExecutable exeTrickBot
47277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859 7zHawkEye
3f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3 zipAgentTesla
3e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23Executable exeAgentTesla
30994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550Executable exeTrickBot
3667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83Word file docPhobos
2df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edcaHTML Application (hta) hta 
22b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7Executable exeStop
2251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379 zip 

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware SampleimphashTop 4 Signatures
588f34d5f2d4577ed6d9ceec516c1f5a744AgentTesla Formbook SnakeKeylogger Loki
50afcdf79be1557326c854b6e20cb900a7AgentTesla RemcosRAT NanoCore QuasarRAT
252eabe9054cad5152567f0699947a2c5bRiseProStealer Amadey RedLineStealer LummaStealer
24d10268a82f0ec0b09c4d5e18431c41e9Stealc LummaStealer Arechclient2
21baa93d47220682c04d92f7797d9224ceRiseProStealer Xtrat DarkComet CoinMiner
18948cc502fe9226992dce9417f952fce3AgentTesla Formbook RemcosRAT RedLineStealer
17e569e6f445d32ba23766ad67d1e3787fAdware.Generic RecordBreaker RedLineStealer GCleaner
16b34f154ec913d2d2c435cbd644e91687GuLoader EpsilonStealer AgentTesla RemcosRAT
15c9619f19f41ef1b7d232f47cfbcc330bStealc Arechclient2
1112f7de8a3c68b276aca25710ff68730eStealc

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware SamplessdeepSignature(s)
186144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/RedLineStealer
21536:9I6mvHvT8kHTwOIjMxA0ouH/zY4XsAlDFZ:q6oHvT8kAMzkqDFMirai
2768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/qMydoom
224576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8a3vyGrX:ZTvC/MTQYxsWR7a3vyGFormbook
21536:+8fTuV2Xljs2f1y11LC0hBrKfHNJ2QfaAQ:+8ru5har24Mirai
23072:Cv/WwsLgaq353qHiCOvhOOyq1DQHbe1kmhxQwoVSUNu:KPLaq351hOOyq1L1kmhxQwoVSUNuMirai
2768:Sa7eo4I0edaGHV5wt1FHMHGxOc/LoipLEoCcoA5bpKQz:Sa7wJW15wtFEc/LZpLEo4AjKMirai
249152:i2LzgioAq4P670Og/d6I+eFRgjpmbLQYLy28UntKyB1:nLzgioh4P670Og/d6I+wgjpaLy0Kaiji
21536:iWnvcKwB0GbszUNaXC3DMqR8eKKHzkI+i4/xlBKXR:EK8xbtaTqk/xlBKMirai
298304:Z9mVusEEQ4kVIb0IamIIkmrIGDeII8jOSPoo:bu8VIb0IamIIkmrIGDeII8HooKaiji

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sampledhash iconSignature(s)
47000000000000000022 x RedLineStealer, 14 x AgentTesla, 4 x Loki
43aae2f3e38383b62923 x AgentTesla, 9 x Formbook, 3 x DarkCloud
3986696ddce4f4d26939 x RiseProStealer
20004000c8c80040006 x Formbook, 5 x AgentTesla, 4 x Neshta
1900822a6ed7a7860012 x AgentTesla, 2 x Neshta, 2 x Formbook
189494b494d4aeaeac6 x RaspberryRobin, 5 x DCRat, 1 x Amadey
17e9e098ae9aba8ab212 x AgentTesla, 2 x Formbook, 1 x DarkCloud
1774f4d4a28e8eb2aa11 x AgentTesla, 5 x Loki, 1 x Formbook
14125ad212e9cd368213 x AgentTesla, 1 x RedLineStealer
1270e4d8b8f8e8c4707 x AgentTesla, 4 x Formbook

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 12 months.


Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

RankReporterLast activitySubmissions
1 abuse_ch2024-04-27165'659
2 zbetcheckin2024-04-2772'310
3 lazyactivist1922024-01-1769'729
4 Cryptolaemus12024-03-2067'837
5 Seifreed2021-10-1948'947
6 andretavare52024-01-1835'831
7 SecuriteInfoCom2024-04-2732'219
8 JAMESWT_MHT2023-04-2926'183
9 cocaman2024-04-2624'165
10 Libranalysis2024-01-1717'035
11 GovCERT_CH2022-11-1415'557
12 lowmal32024-04-2611'162
13 James_inthe_box2024-04-248'971
14 tolisec2022-07-196'610
15 adrian__luca2024-04-196'595

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware SamplesYARA ruleAuthorLast match
94'541Skystars_Malware_ImphashSkystars LightDefender2024-04-27
78'479SharedStringsKatie Kleemola2024-03-27
76'711Email_stealer_bin_memJames_inthe_box2024-04-05
74'503Select_from_enumerationJames_inthe_box2024-02-11
73'333UAC_bypass_bin_memJames_inthe_box2023-03-07
71'649IPPort_combo_memJames_inthe_box2024-03-21
57'374pe_imphashNone2024-04-27
51'168pe_imphash2024-04-27
45'508Cobalt_functions@j0sm12023-08-23
29'569MALWARE_Win_DLLLoaderditekSHen2022-09-07
28'952linux_generic_ipv6_catcher@_lubiedo2024-04-27
28'709pdb_YARAify@wowabiy3142024-01-19
28'457unixredflags3Tim Brown @timb_machine2024-04-27
28'421DridexV4kevoreilly2022-09-07
28'072ach_Dridex_xls_20200528abuse.ch2022-05-06

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

DownloadsMalware SampleTypeSignatureReporter
72'08670ab26000929d26e0e4e567bd0dc4158054538485fcfd51dd4b60a534967814b lzhFirebirdRAT GovCERT_CH
52'959c88a22dae5d5564a33736d8cd43835eb46153bafe47fc6e8c267c3b89d4abf04 zip  l205306
42'32059494a51618f234021c0dae2d87667ce9e431b8a75a1b4952d3e48bf71492fbbExecutable exeAgentTesla cocaman
22'8412ae29fff50afc21422c12b4e64b055df4d342fb493a667e18b6dda7ad3403857Executable exeSmoke Loader andretavare5
18'345b0413e037f2efd5eff7a1b80f339dc661bbdd8e36ef176becc12815f78577fabExecutable exeSliver pr0xylife
17'764430dbb439bf85fd2a8846a43c0b0615305ef25ac8b9496d272c2dbefd3158ed2Executable exeSnakeKeylogger abuse_ch
16'1722190623b860d6783e4c6758c057ceecb9023c3b89b824cacc74e6a9c84ed99c1Executable exeRedLineStealer abuse_ch
13'793061e17f3b2fd4a4dce1bf4f8a31198273f1abc47c32456d06fd5997ea4363578PowerPoint file pptx  Jagdtiger88mm
13'73792779228416f0dce42fd4e3d1ead5cfaecf563694391c01f421c53edd773b72ePowerPoint file pptx  cocaman
13'6744dd75e9c997abbb78aff675a28039b49ed7ebbfc2d97a4e378f7fd0d03d7e2fdPowerPoint file pptx  cocaman
13'5897e6aaa62831f2c2d26fbd3af7a7650fced824eb60c8dcbb85bb61c25a9614674PowerPoint file pptx  EldadViola
13'582b206ac5443480cdf5dfec41a5ff725efa5aa550251c908f1309f848d0ce57600PowerPoint file pptx Twitter Anonymous
13'552b97e12807dcde2a8fd53d7f8e74336442d0cf8dbed19c0a44fcef359160bdd77PowerPoint file pptx  Neiki__
13'5504e09c7b070043bd5bf50b7b2038dd170b491128eb28f5fdf61d9a07e831ece3cPowerPoint file pptx  cocaman
11'743378ddb826b406a8bdcd2358760d93822f83250ed8709ab33aa951042c85c9882Executable exeLummaStealer abuse_ch

ANY.RUN ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

CAPE Sandbox CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

CommentsMalware SampleTypeSignature
1097bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259dExcel file xlsDridex
6d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77bExecutable exeTrickBot
47277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859 7zHawkEye
3f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3 zipAgentTesla
3e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23Executable exeAgentTesla
30994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550Executable exeTrickBot
3667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83Word file docPhobos
2df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edcaHTML Application (hta) hta 
22b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7Executable exeStop
2251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379 zip 

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware SampleimphashTop 4 Signatures
126'280f34d5f2d4577ed6d9ceec516c1f5a744AgentTesla Formbook SnakeKeylogger Loki
14'515646167cce332c1c252cdcb1839e0cf48RedLineStealer Amadey Smoke Loader LummaStealer
9'777c9f7e018b269f1b5fe81cf757d6f8e93Heodo
8'608987b9d7dc84d935c3675da82d40e06f2Dridex Gozi Tofsee VelvetSweatshopDridex
7'285884310b1928934402ea6fec1dbd3cf5eGCleaner Socks5Systemz RaccoonStealer RedLineStealer
3'32487bed5a7cba00c7e1f4015f1bdae2183Jadtre IcedID TrickBot Netsky
3'16661259b55b8912888e90f516ca08dc514Formbook AgentTesla GuLoader SnakeKeylogger
2'2173786a4cf8bfee8b4821db03449141df4Adware.Neoreklami RedLineStealer
2'180433637d5d88b1ab11a7e5bfc30abfe93Dridex
1'9907fa974366048f9c551ef45714595665eFormbook Loki AgentTesla SnakeKeylogger

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware SamplessdeepSignature(s)
1'12412288:J2+J+l5QvSoOUkQNPRoswLLjfsHJNF05s:AJl5QrrkQFCHspN4Quakbot
1'12312288:U2+J+l5QvSoOUkQGPRoswLLjfsHJNF05F:PJl5QrrkQOCHspN4Quakbot
1'12112288:l2+J+l5QvSoOUkQiPRoswLLjfsHJNF05h:8Jl5QrrkQaCHspN4Quakbot
5281536:1I+Hymsbck3hbdlylKsgqopeJBWhZFGkE+cMLxAAISQ5gQ72IotO6nitSU6U+x:1I+HymsYk3hbdlylKsgqopeJBWhZFGkzSilentBuilder Heodo
4191536:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIzSEV2NnX4Ia3gg5W8IuD7PoHsP7e3/:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxzSilentBuilder Heodo
416768:0Jlk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIZEtm/piJaiyH5YnJe+eO+8WoFYpLd:0rk3hbdlylKsgqopeJBWhZFGkE+cMLx6SilentBuilder Heodo
4011536:u8rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAE6yHBEL70drpFk0GX/s2C6ORQYDBhQ:ugk3hbdlylKsgqopeJBWhZFGkE+cL2N8SilentBuilder Heodo
3733072:IFNthWQl/rSJ7lvt9filcZritkrINAEYsm2:IBhWQ/mJLflrOAp2Gozi Heodo
3513072:zs+Hyms0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIb4UgCEqM5mheHRAjNKnlGIz/:o+Hyms0k3hbdlylKsgqopeJBWhZFVE+PSilentBuilder Heodo
30712288:xyP2Md2hn+tDKFtKwK5KLK6KYK5KlK3K1aoNl7Mv+lwVwy:grdO+tDKFQoNOmlTrickBot

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sampledhash iconSignature(s)
15'091f8f0f4c8c8c8d8f08'761 x RedLineStealer, 5'018 x Amadey, 287 x Smoke Loader
5'532b2a89c96a2cada722'276 x Formbook, 981 x Loki, 786 x AgentTesla
4'155b298acbab2ca7a722'327 x GCleaner, 1'200 x Socks5Systemz, 66 x RedLineStealer
3'85171b119dcce5763333'558 x Heodo, 202 x TrickBot, 13 x Gh0stRAT
2'610848c5454baf474741'982 x Adware.Neoreklami, 99 x RedLineStealer, 33 x DiamondFox
2'2700000000000000000716 x AgentTesla, 282 x Formbook, 202 x SnakeKeylogger
1'3799494b494d4aeaeac386 x DCRat, 161 x RedLineStealer, 134 x CryptOne
1'150fefce49e86c0fcfe884 x Socks5Systemz, 259 x RaccoonStealer
1'017399998ecd4d46c0e572 x Quakbot, 137 x ArkeiStealer, 54 x RecordBreaker
81379756cecb29999b9731 x Heodo, 20 x Nitol, 20 x ManusCrypt