Statistics

MalwareBazaar produces detailed statistics on shared malware samples, including associated detections - find the available statistics below.

You can also access Spamhaus's Malware Digest report, based on MalwareBazaar data:

https://www.spamhaus.org/malware-digest/#malwarebazaar

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	abuse_ch	2025-05-07	4'767
2	JAMESWT_WT	2025-05-07	240
3	SecuriteInfoCom	2025-05-06	183
4	threatcat_ch	2025-05-07	148
5	BastianHein	2025-04-29	119
6	zhuzhu0009	2025-05-06	110
7	cocaman	2025-05-06	96
8	adrian__luca	2025-05-06	84
9	adm1n_usa32	2025-05-06	79
10	aachum	2025-05-02	71
11	TeamDreier	2025-05-01	69
12	neiki_dev	2025-05-07	66
13	smica83	2025-05-06	65
14	LuRisa323	2025-04-28	48
15	TheRavenFile	2025-05-06	41

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
3'123	Sus_Obf_Enc_Spoof_Hide_PE	XiAnzheng	2025-05-07
2'124	linux_generic_ipv6_catcher	@_lubiedo	2025-05-07
1'610	unixredflags3	Tim Brown @timb_machine	2025-05-07
1'097	golang_bin_JCorn_CSC846	Justin Cornwell	2025-05-07
994	upx_packed_elf_v1	RandomMalware	2025-05-07
957	DebuggerCheck__API	None	2025-05-07
951	NET	malware-lu	2025-05-07
812	Skystars_Malware_Imphash	Skystars LightDefender	2025-05-07
812	pe_imphash	None	2025-05-07
794	RANSOMWARE	ToroGuitar	2025-05-07
786	SUSP_ELF_LNX_UPX_Compressed_File	Florian Roth (Nextron Systems)	2025-05-07
708	Linux_Trojan_Gafgyt_28a2fe0c	Elastic Security	2025-05-06
598	NETexecutableMicrosoft	malware-lu	2025-05-07
573	pe_detect_tls_callbacks	None	2025-05-07
538	setsockopt	Tim Brown @timb_machine	2025-05-07

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
7'013	a02d70127abf6fc2c950b150d42b0ac36bf7714c358524b8819b467f94ab758b	apk		500mk500
6'648	363bccfdc1f586f9b13ad8c7774306d875f336787a0f1806847118cfc2485350	apk		sswex
4'833	db8005ede3b883ab4d1fb7708d9a834f3efdd97294d66f335c711cd2e6528764	xlsx		lowmal3
4'821	b57cab62c3f5089581e452d8d8b33932c426341878d22b13501ec9e78f925a80	apk		Yuyuko_Saigyouji
4'723	501930a672d0a408bcd4d9b8af8cd21a09f33da99acd70e013807b87acc4408b	xlsx		abuse_ch
4'608	2a18b0e92138540943b5eee236b46ffd12dbdae5e09dfd97362e0db220118248	doc		TomU
4'508	8cd4466c1786109e8ed75a67bb19fdebf17995609f48b1a9896a5b590ec38285	zip		Anonymous
4'347	4b4b048a48f6f2285f70dadae227d7e8ffc19ab4851db8936731fd0d365817af	xlsx		abuse_ch
4'192	4f94e841430d93fded2e03448b3c90297ef9ce2ec70b51b8e2d0991dc4796ba4	doc		abuse_ch
4'181	639201b3ff431e46c187340d4ab40071274227851f5136be4fbfb416b1560d9d	xlsx		TeamDreier
4'129	ccc1b3d80fae91a85b7bec56ae436ca672c7856f23803f0d058cd45b4bb0ab76	xlsx		abuse_ch
4'070	e2ae3093df1bc88be2cc11f4ce2ad8017a14edf46cbaf0bd1141afc976af5715	apk	SpyNote	theb47m4n
4'056	3ce0068c5cf299a8489a9fb0b0dba609915d28b734d2e1a716ed5822515308c9	apk		Kokonut
4'052	2efadf9ee810f9b5fafd82fa77091d39afb51098dfcf2398d2f6e93c3bb4df3b	apk		LuRisa323
4'017	c6f57f4b052da4272adfe03c813a6f84a076bad7b216af0c377d3e4c3e0f1efd	apk		Anonymous

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

CyberFortress

Top classifications by CyberFortress for malware samples on MalwareBazaar.

ThreatZone

Top classifications by ThreatZone for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
776	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook SnakeKeylogger RedLineStealer
278	2eabe9054cad5152567f0699947a2c5b	LummaStealer Stealc Healer Amadey
69	3d95adbf13bbe79dc24dccb401c12091	AgentTesla FormBook NanoCore Loki
56	948cc502fe9226992dce9417f952fce3	CredentialFlusher Formbook AgentTesla RedLineStealer
39	1ca5d76c8790c78aa8812c3b251d86b6	CoinMiner
34	646167cce332c1c252cdcb1839e0cf48	RedLineStealer Amadey Smoke Loader LummaStealer
33	404361c37a0fd175e596a2bb117ba8b4	Neconyd
32	afcdf79be1557326c854b6e20cb900a7	FormBook AgentTesla RemcosRAT NanoCore
31	3e2a6ecfffc5d43a7565ef87874e92c4	LummaStealer Vidar Stealc DarkCloud
25	130d5621ef2323889c6e1ed2746329fe	LummaStealer Vidar LockBit XWorm

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
16	6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgF:25WOSACZSV6eKRH5EPiamb4DsDwwcV	Prometei
16	6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgQ:25WOSACZSV6eKRH5EPiamb4DsDwwcA	Prometei
13	6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgY:25WOSACZSV6eKRH5EPiamb4DsDwwcI	Prometei
13	6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgH:25WOSACZSV6eKRH5EPiamb4DsDwwcX	Prometei
13	6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgT:25WOSACZSV6eKRH5EPiamb4DsDwwcD	Prometei
12	6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgS:25WOSACZSV6eKRH5EPiamb4DsDwwcC	Prometei
12	6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgi:25WOSACZSV6eKRH5EPiamb4DsDwwcy	Prometei
12	6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgZ:25WOSACZSV6eKRH5EPiamb4DsDwwcJ	Prometei
11	6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitgC:25WOSACZSV6eKRH5EPiamb4DsDwwcS	Prometei
10	6144:63fxS1fHETSACF2Gzm5DVvSHrKKRH4SCra+HWMiFbcAOXmb4Dsi6wwcitg6:25WOSACZSV6eKRH5EPiamb4DsDwwcK	Prometei

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
132	aae2f3e38383b629	40 x Formbook, 28 x Amadey, 15 x CredentialFlusher
49	e4f6b2f0e8ccf0f0	1 x CoinMiner
42	926b23534d61338c	41 x Rhadamanthys
36	f8f0f4c8c8c8d8f0	18 x Amadey, 6 x CredentialFlusher, 5 x LummaStealer
34	9494b494d4aeaeac	24 x DCRat, 1 x RedLineStealer, 1 x NetSupport
33	60dc862226869ce1	33 x Neconyd
25	33b2cd4d17174db2	25 x GCleaner
22	f8ba6c0e0ec982c0	22 x Blackmoon
20	5050d270cccc82ae	4 x OffLoader, 3 x ValleyRAT, 3 x LummaStealer
20	b170e88e8e8c6860	5 x Formbook, 5 x MassLogger, 4 x SnakeKeylogger