Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.


Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

RankReporterLast activitySubmissions
1Twitter @abuse_ch2021-12-021'541
2Twitter @zbetcheckin2021-12-021'177
3Twitter @cocaman2021-12-02371
4Twitter @GovCERT_CH2021-12-02331
5Twitter @Cryptolaemus12021-12-02313
6Twitter @pr0xylife2021-12-02222
7Twitter @SecuriteInfoCom2021-12-02217
8Twitter @lowmal32021-12-02181
9Twitter @tolisec2021-12-02174
10Twitter @JAMESWT_MHT2021-11-30127
11Twitter @Gamer47agent2021-12-02109
12Twitter @malwarelabnet2021-12-02105
13Twitter @TeamDreier2021-12-0284
14Twitter @ArkbirdDevil2021-12-0177
15Twitter @0xhido2021-11-2574

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware SamplesYARA ruleAuthorLast match
1'456Skystars_Malware_ImphashSkystars LightDefender2021-12-02
1'456pe_imphash2021-12-02
702INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFutureditekSHen2021-12-02
438linux_generic_ipv6_catcher@_lubiedo2021-12-02
402BitcoinAddressDidier Stevens (@DidierStevens)2021-12-02
369MALWARE_Win_RedLineditekSHen2021-12-02
366unixredflags3Tim Brown @timb_machine2021-12-02
201MALWARE_Win_AgentTeslaV3ditekSHen2021-12-02
200win_agent_tesla_v1Johannes Bader @viql2021-12-02
200AgentTeslaV3ditekshen2021-12-02
199ach_AgentTesla_20200929abuse.ch2021-12-02
162SUSP_XORed_MozillaFlorian Roth2021-12-02
162SUSP_XORed_Mozilla_RID2DB4Florian Roth2021-12-02
155INDICATOR_SUSPICIOUS_Binary_References_BrowsersditekSHen2021-12-02
139SUSP_ELF_LNX_UPX_Compressed_FileFlorian Roth2021-12-02

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

DownloadsMalware SampleTypeSignatureReporter
30304de6272e5cc965e0bfdaf797ba8814e54949f0cd7463333fa547bb918034860 rar Twitter @Gamer47agent
2745c503c6475202598918ad173f031375cab997325907ecfc12c1625edb78e5229 r00AgentTeslaTwitter @cocaman
272440c297bcaa0e4ca3d84281d524b8351ad1ea2b5aabb22795db824a356cd54bdExecutable exeGoziTwitter @abuse_ch
26432dfd8383c234477ce9d253dcce736c82db39ff9943098b160e69b811b5c3e69Word file doc Twitter @Cryptolaemus1
2624a1ea7affcba0788556ae5bd402178b65274dc2b8f1b7aea7b7813d9cc4346e5Word file docHeodoTwitter @abuse_ch
26259254e8ec001f88c9d879c7721993c1bd6671a61b543ab39d2485f5e62b5fa6dDLL dllHeodoTwitter @abuse_ch
2564fcf00b29cf5bd4354687ee1d52056abbf58cf7b666c90e7ba2d5a72d7a3debdDLL dllHeodoTwitter @abuse_ch
255846c121840d5733fc9ffed9baf40ef76dad6011ee88f8382b828df3aa61e2a22Visual Basic Script (vbs) vbsnjratTwitter @abuse_ch
253bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873Word file docHancitorTwitter @abuse_ch
250ddda174d8edfd52684fdf967339427f41b66382495a55679912a4ca4439bab4aJava Script (JS) jsVjw0rmTwitter @abuse_ch
2481330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823Word file docHancitorTwitter @abuse_ch
24776816ba1a506eba7151bce38b3e6d673362355063c8fd92444b6bec5ad106c21DLL dllHeodoTwitter @Cryptolaemus1
2454c50ff0945136ff0f79eb75ee7d5c86025282ab519488f692ffc267873160bb6Executable exeGoziTwitter @abuse_ch
2440d20b337979060e2b6a97b9a5fc12dde9ef8da4f892eaf84773cef7443cfd3caDLL dllHeodoTwitter @abuse_ch
2404cd33ed5de91c1ab22e920672837b4fd41cc0cf45ac0cec715d228512b0b57de rarFormbookTwitter @cocaman

CAPE Sandbox CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

CommentsMalware SampleTypeSignature
1097bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259dExcel file xlsDridex
6d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77bExecutable exeTrickBot
47277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859 7zHawkEye
3f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3 zipAgentTesla
3e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23Executable exeAgentTesla
30994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550Executable exeTrickBot
3667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83Word file docPhobos
2df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edcaHTML Application (hta) hta 
22b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7Executable exeStop
2251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379 zip 

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware SampleimphashTop 4 Signatures
1'286f34d5f2d4577ed6d9ceec516c1f5a744AgentTesla Formbook Loki NanoCore
2597fa974366048f9c551ef45714595665eFormbook Loki AgentTesla SnakeKeylogger
89d8c52655a835ecb2c6fea489c7c7674bHeodo
74609402ef170a35cc0e660d7d95ac10ceHeodo
59d7dd6fa75115d9909f747434e40fff68RedLineStealer CoinMiner.XMRig
427786268c05d434623e5cf2d8c7606864Heodo
346e10c8576fec9d1d6e1bb3b6a941ae33Dridex
314a2e61e1749a0183eccaadb9c4ef6ec2Dridex
300748c08f838865e5d72743f7fd7e551eCryptBot Gozi
290ab020de3096b6aafb4fadfac4d16825CryptBot ArkeiStealer Amadey BitRAT

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware SamplessdeepSignature(s)
612288:HOYMYlxIimj6qr9wMiE+wGFYjA2KY59roDBM6nGplGJY:HOJYMimv+9wGqfKY59cM6GplGJFormbook RemcosRAT DBatLoader
512288:Zg6sAoGRtiZwyrKT29plU9S7hZ2otIs095GRlelPI7jd8VkOs9FsGe:uCdyL9rPTE5GRlV7jd8Fs9KGeTrickBot
498304:97K4c1wztR52vtN+8UBoiiQBl7MNNU0KeQvDGV7IC8jRbr7x:sZwfQvtfGcNNGecDkV8x7
412288:PE2tc7FE6c/ItF8iQ6/JRJA6sAeYP+ToBWFZCXesFdUyo2XM:PE2K79bHQ76QeOC7UD2XFormbook
3768:u/I83GhApRrjevZCwVIYgBZVWpf/wak8y0VItKF:unKAbIIjkpw78XVIWHeodo
312288:W7eqD3i1d83wcXpcipxlU43Irxk44yh2hxe4KWbzdlUFN+sw9DIR4WK5yiCmqQ4x:9jdCw6xlfcO4ke4HdyFN+NI45oyW+4DCRat
349152:9jZPYdDZPBHMWy8SYuMwc8YzzCkO7Du7lNXNi8U5zD9QabN0K:DaP6Wy8JwcDzOvu5NdiDdG20CoinMiner
312288:mZgJtlQepQn+NDo7nIgegQCLDF/B9wvj/cLvVZFuw:mZK6F7nVeRmDFJivohZFVDridex
312288:+AriSOG9c0jc5mDQxqfeR4iTQG8Ht3WZ6y1zTV3z1:vof4DQxM24iTFUVWXpTVjHeodo
36144:bHX+iXvoPGKN3MYAXcK6YWo2mYLVe2PRy6u802JJs:b3+iXvoPoYISTLVHZy6zJRedLineStealer

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sampledhash iconSignature(s)
177b2a89c96a2cada7288 x Formbook, 47 x Loki, 10 x RedLineStealer
879e73f5aca0b880c487 x Heodo
54fcfcb4d4d4d4d8c023 x RedLineStealer, 8 x Smoke Loader, 7 x RaccoonStealer