Authenticate for API access | If you are experiencing issues with receiving data from abuse.ch platforms via API, please ensure your requests are authenticated.
➡️ Read here for more info

Statistics

MalwareBazaar produces detailed statistics on shared malware samples, including associated detections - find the available statistics below.

You can also access Spamhaus's Malware Digest report, based on MalwareBazaar data:

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.


Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

RankReporterLast activitySubmissions
1 abuse_ch2025-09-173'235
2 adrian__luca2025-09-15685
3 JAMESWT_WT2025-09-17480
4 aachum2025-09-17270
5 SecuriteInfoCom2025-09-17156
6 Bitsight2025-09-17153
7 smica832025-09-17143
8 burger2025-09-17134
9 ShadowOpCode2025-09-17125
10 cocaman2025-09-17115
11 lowmal32025-09-16108
12 mohit2025-09-1389
13 threatcat_ch2025-09-1787
14 sasper2025-09-1773
15 mazznrz2025-09-1759

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware SamplesYARA ruleAuthorLast match
5'114CP_AllMal_DetectorDiegoAnalytics2025-09-17
2'033Sus_Obf_Enc_Spoof_Hide_PEXiAnzheng2025-09-17
1'478golang_bin_JCorn_CSC846Justin Cornwell2025-09-17
1'354DebuggerCheck__APINone2025-09-17
1'349CP_Script_Inject_DetectorDiegoAnalytics2025-09-17
1'338unixredflags3Tim Brown @timb_machine2025-09-17
1'289NETmalware-lu2025-09-17
1'159linux_generic_ipv6_catcher@_lubiedo2025-09-17
1'133Sus_CMD_Powershell_UsageXiAnzheng2025-09-17
1'109DetectEncryptedVariantsZinyth2025-09-17
1'016Skystars_Malware_ImphashSkystars LightDefender2025-09-17
1'015pe_imphashNone2025-09-17
955pe_detect_tls_callbacksNone2025-09-17
726RIPEMD160_Constantsphoul (@phoul)2025-09-17
726SHA1_Constantsphoul (@phoul)2025-09-17

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

DownloadsMalware SampleTypeSignatureReporter
1'19354138039e021c6c40952b557bf9e6268367126d6c5e6855e44cc946d55a3b65dExecutable exeLummaStealer aachum
91161c627b91b8c3561fcc361979d692af9580dc8b29feae4bbb5190d9179993ca1Executable exeLummaStealer aachum
744748b519ee2cab51a9b3ff686f5c9ed231b5509f61d698adbd6e842dc3c6cf9a4Executable exePythonStealer AntiSkidding
66684f34f24a7f7852ac1c5e99ec3de6e215138d7b8a39514963dc6596945b105d8Executable exe  SquiblydooBlog
5857e86e56a55a1b0b46efba0af0be6faa34a6beeb55720e9c51ed7fb141d1a9d2dExecutable exeLummaStealer aachum
4714ee64ee6675e57437979af402f34e2d40e0442479974c95dba88b20e3f31b5f9Executable exe  AntiSkidding
44287c1c62369657904418affebca3f706a4e968dd1a672729274ba287dfae43be4Executable exe  AntiSkidding
2810550c78069d778acf2fe32c87b5898e90de62f08a6b741aefd332e64e68e8c76Executable exeLummaStealer Bitsight
253aa68e02c8826ddb267e5513e181e3ae48cd02c5d1f25c41166b992bf6cfea04b zip  JAMESWT_WT
223ab24248296df1b0044a98cf250b65ec40adeb9b1ff4db9c3ee7e675985b4c4c5Executable exeCoinMiner burger
21269e0d212862b36fc44f33e7a05d27b545db8e9d02d77e0770e5c947391ae7f78Executable exeAmadey AntiSkidding
206425e898cb6b7d2dca7b9f0f22bca758c2390aad5f61e070d1c6049dfa38bc9b3Executable exeDogeStealer JAMESWT_WT
2056d80b98eef771c5419e2e56634d93e9899bbb077f0ff6fbd6892ef775535bd65Executable exe  SecuriteInfoCom
204e3356215981ea7908f0c10e174a8d93db48492f5e9ee0242d416ac8e3d81421fExecutable exeLummaStealer Bitsight
19856d79c80e1284367fd40c21b678378ced4010b6b747c4f698100ff1ecd13c708Executable exeAmadey tcains1

ANY.RUN ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

ClamAV ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

CyberFortress CyberFortress

Top classifications by CyberFortress for malware samples on MalwareBazaar.

ThreatZone ThreatZone

Top classifications by ThreatZone for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

CommentsMalware SampleTypeSignature
1097bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259dExcel file xlsDridex
6d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77bExecutable exeTrickBot
47277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859 7zHawkEye
3f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3 zipAgentTesla
3e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23Executable exeAgentTesla
30994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550Executable exeTrickBot
3667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83Word file docPhobos
2df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edcaHTML Application (hta) hta 
22b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7Executable exeStop
2251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379 zip 

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware SampleimphashTop 4 Signatures
932f34d5f2d4577ed6d9ceec516c1f5a744AgentTesla Formbook SnakeKeylogger RedLineStealer
1271895460fffad9475fda0c84755ecfee1Formbook AgentTesla a310Logger RemcosRAT
68b729b61eb1515fcf7b3e511e4e66258bLummaStealer Rhadamanthys Adware.Generic Arechclient2
492eabe9054cad5152567f0699947a2c5bLummaStealer Stealc Healer Amadey
4691d07a5e22681e70764519ae943a5883Formbook AgentTesla SnakeKeylogger RemcosRAT
4132f3282581436269b3a75b6675fe3e08LummaStealer Rhadamanthys CoinMiner Arechclient2
41b34f154ec913d2d2c435cbd644e91687GuLoader RemcosRAT EpsilonStealer AgentTesla
3712e12319f1029ec4f8fcbed7e82df162DCRat RedLineStealer Formbook SnakeKeylogger
35d42595b695fc008ef2c56aabd8efd68eLummaStealer CobaltStrike Rhadamanthys Sliver
25646167cce332c1c252cdcb1839e0cf48RedLineStealer Amadey Smoke Loader LummaStealer

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware SamplessdeepSignature(s)
512288:+N2N7fN2jNouec0DW4fuedxRaJnCHFxIdOQ2RxkRh8iP/ZT0erQtZydyIBvguY9P:+N2r2j6dDDfBxRhbjxI5/Np/eHDCRat
41536:JzvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:KSHIG6mQwGmfOQd8YhY0/EqUGLoki
3768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8Mirai
312288:WN2N7fN2jNouec0DW4fuedxRaJnCHFxIdOQ2RxkRh8iP/ZT0erQtZydyIBvguY9P:WN2r2j6dDDfBxRhbjxI5/Np/eHDCRat
31536:AkvvADrAJ9yAPw4+x60GgxDkRucdHHmo1IEwhg9y2IymQY2AUm6hh1Z/C/C:AooDrU9zo4lXC6hh1ZKKMirai
249152:IBJKTpc8iYMCJzBWENRrFX2pVCdAksnWCp2XCkl7:ygTFMCzjNlJisdAksFkF
21536:iqLqhGIAVL6R2pisW/aOHiT5IoUKh/Ejg1ioCjrv5+o:X2hGIOlHMH25RbhZ1ioubMirai
21536:/+VZ/Ang1EaeAy7lJTjvMaXTetzy0sj89d26Z:8/AngleA2wztzhtMirai
2393216:Jn3L4O5itEscwyXM9MtqU/8dmnT/U4Sj:Jn3LotEsHissHnk
2384:nNgBxph5nXiyLToa0syXoG5xEeiKU+aoqlg3u7MjqG/L:I97LTot5xFiKPe7M2Gj

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sampledhash iconSignature(s)

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 12 months.


Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

RankReporterLast activitySubmissions
1 abuse_ch2025-09-17265'053
2 zbetcheckin2024-11-0978'688
3 lazyactivist1922024-01-1769'729
4 Cryptolaemus12024-03-2067'837
5 seifreed2021-10-1948'947
6 JAMESWT_WT2025-09-1744'820
7 SecuriteInfoCom2025-09-1740'754
8 andretavare52024-01-1835'831
9 cocaman2025-09-1731'604
10 Libranalysis2024-01-1717'035
11 GovCERT_CH2024-10-1815'559
12 lowmal32025-09-1614'894
13 adrian__luca2025-09-1514'701
14 James_inthe_box2025-09-1710'221
15 Bitsight2025-09-179'967

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware SamplesYARA ruleAuthorLast match
129'080Skystars_Malware_ImphashSkystars LightDefender2025-09-17
92'305pe_imphashNone2025-09-17
78'518SharedStringsKatie Kleemola2025-08-20
78'323unixredflags3Tim Brown @timb_machine2025-09-17
76'712Email_stealer_bin_memJames_inthe_box2024-06-13
76'392linux_generic_ipv6_catcher@_lubiedo2025-09-17
74'506Select_from_enumerationJames_inthe_box2025-07-30
73'333UAC_bypass_bin_memJames_inthe_box2023-03-07
72'528Sus_Obf_Enc_Spoof_Hide_PEXiAnzheng2025-09-17
71'651IPPort_combo_memJames_inthe_box2025-03-26
57'329NETmalware-lu2025-09-17
54'775DebuggerCheck__APINone2025-09-17
51'181pe_imphash2025-09-17
45'508Cobalt_functions@j0sm12023-08-23
31'955pdb_YARAify@wowabiy3142025-08-19

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

DownloadsMalware SampleTypeSignatureReporter
72'09470ab26000929d26e0e4e567bd0dc4158054538485fcfd51dd4b60a534967814b lzhFirebirdRAT GovCERT_CH
52'968c88a22dae5d5564a33736d8cd43835eb46153bafe47fc6e8c267c3b89d4abf04 zip  l205306
42'34659494a51618f234021c0dae2d87667ce9e431b8a75a1b4952d3e48bf71492fbbExecutable exeAgentTesla cocaman
40'688c24ff50a15372a69690f4c7cd783609e92924ec38f2f42148573d35980f07cd3Executable exeLummaStealer abuse_ch
40'662b828382168a0077c7d5cd8faf44d5da19a4d852cfca7c85dae63de97e5dd6753Executable exeLummaStealer abuse_ch
32'6799fd06d80534b729cca8ad2affa0be6b3108c6a117e7b20f81470b2c01335453b elfMirai abuse_ch
32'5701509cb4a59087be095de34a01f19e292933a3133bc63de252555d0188d0710bd elf  abuse_ch
32'5702ee2eaa1fce89b91fb70dd2e853ac63b600c11feae4a1624fa90f1c6e33bc67c elfMirai abuse_ch
32'559a0f145290eaa8b3b74d83702f391952617262388779aa607dbaac524b4567266 elfMirai abuse_ch
32'543216ab12c56bba575bd40aaa5d602c062abb5fc8ac405f27a43619c3370d11707 elf  abuse_ch
30'787cdff50f4126445f55098d307fa40396a80396cc50d4d94c0c8a849b4de2b7da2Executable exeLummaStealer abuse_ch
30'491eb097b81a3a0a5510aec27b28fd7a140152eb217520fca3dd92f27a72d817045 elfMirai abuse_ch
30'454515eb18d3f105eb377e73dfa2ee34a24f50da54f0600d02d7914d41c916f3848 elfMirai abuse_ch
24'736b97e12807dcde2a8fd53d7f8e74336442d0cf8dbed19c0a44fcef359160bdd77PowerPoint file pptx  Neiki
24'7164e09c7b070043bd5bf50b7b2038dd170b491128eb28f5fdf61d9a07e831ece3cPowerPoint file pptx  cocaman

ANY.RUN ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

ClamAV ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

CyberFortress CyberFortress

Top classifications by CyberFortress for malware samples on MalwareBazaar.

ThreatZone ThreatZone

Top classifications by ThreatZone for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

CommentsMalware SampleTypeSignature
1097bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259dExcel file xlsDridex
6d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77bExecutable exeTrickBot
47277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859 7zHawkEye
3f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3 zipAgentTesla
3e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23Executable exeAgentTesla
30994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550Executable exeTrickBot
3667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83Word file docPhobos
2df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edcaHTML Application (hta) hta 
22b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7Executable exeStop
2251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379 zip 

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware SampleimphashTop 4 Signatures
150'157f34d5f2d4577ed6d9ceec516c1f5a744AgentTesla Formbook SnakeKeylogger RedLineStealer
14'708646167cce332c1c252cdcb1839e0cf48RedLineStealer Amadey Smoke Loader LummaStealer
9'777c9f7e018b269f1b5fe81cf757d6f8e93Heodo
8'608987b9d7dc84d935c3675da82d40e06f2Dridex Gozi Tofsee VelvetSweatshopDridex
8'5082eabe9054cad5152567f0699947a2c5bLummaStealer Stealc Healer Amadey
7'803884310b1928934402ea6fec1dbd3cf5eGCleaner Socks5Systemz RaccoonStealer RedLineStealer
4'377afcdf79be1557326c854b6e20cb900a7FormBook AgentTesla RemcosRAT RedLineStealer
3'62487bed5a7cba00c7e1f4015f1bdae2183Jadtre IcedID Blackmoon TrickBot
3'30261259b55b8912888e90f516ca08dc514Formbook AgentTesla GuLoader SnakeKeylogger
3'107948cc502fe9226992dce9417f952fce3CredentialFlusher Formbook AgentTesla RedLineStealer

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware SamplessdeepSignature(s)
1'12412288:J2+J+l5QvSoOUkQNPRoswLLjfsHJNF05s:AJl5QrrkQFCHspN4Quakbot
1'12312288:U2+J+l5QvSoOUkQGPRoswLLjfsHJNF05F:PJl5QrrkQOCHspN4Quakbot
1'12112288:l2+J+l5QvSoOUkQiPRoswLLjfsHJNF05h:8Jl5QrrkQaCHspN4Quakbot
5281536:1I+Hymsbck3hbdlylKsgqopeJBWhZFGkE+cMLxAAISQ5gQ72IotO6nitSU6U+x:1I+HymsYk3hbdlylKsgqopeJBWhZFGkzSilentBuilder Heodo
52612288:iD6LPBCvMk0O9na1M80cLt9i5aIaTtpc4W:2+QGO9naz0Szi5anTtRMirai
4191536:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIzSEV2NnX4Ia3gg5W8IuD7PoHsP7e3/:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxzSilentBuilder Heodo
416768:0Jlk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIZEtm/piJaiyH5YnJe+eO+8WoFYpLd:0rk3hbdlylKsgqopeJBWhZFGkE+cMLx6SilentBuilder Heodo
41012288:0GCt9AoZDmbOxeQPTyDez9kQ8jGMKhmmMnRpOeHc:Y9tZQO92DnhDmc
40812288:NbX5mTA3bZNKiG01B7crv+SF7GW5a65jx:tX5m83bZNKi3B7AZXaGafgyt
40112288:5D+Azf/CVCW3ISw+hRNb3W/aTyA9VV/cZWLnR98V+:5D+AznCVNIZ+vNbG/WYWrR98V

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sampledhash iconSignature(s)
15'390f8f0f4c8c8c8d8f08'803 x RedLineStealer, 5'078 x Amadey, 288 x Smoke Loader
6'664aae2f3e38383b6292'034 x Formbook, 1'183 x CredentialFlusher, 666 x AgentTesla
5'757b2a89c96a2cada722'283 x Formbook, 981 x Loki, 803 x AgentTesla
4'862b298acbab2ca7a722'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer
3'90071b119dcce5763333'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT
3'3730000000000000000872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer
2'708848c5454baf474742'088 x Adware.Neoreklami, 101 x RedLineStealer, 33 x DiamondFox
2'3329494b494d4aeaeac832 x DCRat, 172 x RedLineStealer, 134 x CryptOne
1'172399998ecd4d46c0e572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner
1'150fefce49e86c0fcfe884 x Socks5Systemz, 259 x RaccoonStealer