Statistics

MalwareBazaar produces detailed statistics on shared malware samples, including associated detections - find the available statistics below.

You can also access Spamhaus's Malware Digest report, based on MalwareBazaar data:

https://www.spamhaus.org/malware-digest/#malwarebazaar

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	abuse_ch	2025-07-19	5'680
2	adrian__luca	2025-07-14	690
3	JAMESWT_WT	2025-07-18	319
4	aachum	2025-07-18	217
5	skocherhan	2025-07-17	207
6	SecuriteInfoCom	2025-07-18	178
7	burger	2025-07-18	175
8	lowmal3	2025-07-18	106
9	threatcat_ch	2025-07-17	97
10	cocaman	2025-07-18	91
11	GDHJDSYDH1	2025-07-18	68
12	smica83	2025-07-18	61
13	antigdi	2025-07-18	40
14	Joker	2025-07-15	36
15	FXOLabs	2025-07-18	30

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
3'622	Sus_Obf_Enc_Spoof_Hide_PE	XiAnzheng	2025-07-18
3'301	unixredflags3	Tim Brown @timb_machine	2025-07-19
2'619	linux_generic_ipv6_catcher	@_lubiedo	2025-07-18
1'269	golang_bin_JCorn_CSC846	Justin Cornwell	2025-07-18
1'217	DebuggerCheck__API	None	2025-07-18
1'200	NET	malware-lu	2025-07-18
1'132	Linux_Trojan_Gafgyt_28a2fe0c	Elastic Security	2025-07-18
1'083	ELF_Mirai	NDA0E	2025-07-19
959	botnet_plaintext_c2	cip	2025-07-18
908	DetectEncryptedVariants	Zinyth	2025-07-18
907	Sus_CMD_Powershell_Usage	XiAnzheng	2025-07-18
874	pe_imphash	None	2025-07-18
873	Skystars_Malware_Imphash	Skystars LightDefender	2025-07-18
819	enterpriseapps2	Tim Brown @timb_machine	2025-07-18
818	pe_detect_tls_callbacks	None	2025-07-18

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
1'690	af747282bf8a68dbd5d4b5db4fafbba61d0a418e27d62090844f36d039bef1f0	exe		SecuriteInfoCom
547	964ddfec70d3a306c1a2dcae6f7da397202b08c45eabe15c0f5ad84de77393ea	exe	LummaStealer	aachum
490	d852c57134c0a34471df5059def176877463ff41c242e9ec25a4e191ba841613	exe	LummaStealer	aachum
461	30b64311ed4920ec78dc850bda4cdf08cee2922d4a1ef798d30799d974a9196f	exe	LummaStealer	aachum
433	08d1bd15aa93c61a881b5fe78a58a36a1550299d166644b616ee05dc68161b88	exe		aachum
147	6a869ebca58a769522266fa0c475bb3f60ad75527ba358b7a1d143e03d604c79	exe	ValleyRAT	GDHJDSYDH1
137	d4919a7402d7ae02516589fbdfb3cc436749544052843a37b5d36ac4b7385b18	exe	INC	TheRavenFile
131	06c2a137c31aae5d02b4d7df61ffd31f1af9a9e59978f15b3f7265cc751bff1f	exe	Akira	TheRavenFile
126	549caa03c9aed64e4d13cad0a9f4ef45d8729d7e777a0749df6e2b2996dbea2d	exe	LummaStealer	aachum
113	fd42f07848568078d4beee04bc8704b8e6178676112de9c205d054e5895882ea	exe	LummaStealer	aachum
112	9c90b3ffdffcf2db7716c2c556dc633f9dddc471748753c34449f7314a73f5cb	exe	ValleyRAT	GDHJDSYDH1
89	47aab1f5a9de4659066c5d1ca8f3a72858811c3d41b6de5f04439e96d134d6d7	exe		aachum
88	fad639fcc1401732c0de91a9e4d0950256e93a38023be935cf78c373e3e0a09b	pdf		antigdi
79	a3c9a67b15abe9f7b6b8ecbba84f7242d2128c2f80b41d736cd95fa56b7a78c0	exe	ValleyRAT	GDHJDSYDH1
79	0aa6b1506747726828f751c3c937d1eeb69aeee92c343d4bbc117ff3bc9300d1	html		JAMESWT_WT

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

CyberFortress

Top classifications by CyberFortress for malware samples on MalwareBazaar.

ThreatZone

Top classifications by ThreatZone for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
716	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook SnakeKeylogger RedLineStealer
189	3d95adbf13bbe79dc24dccb401c12091	AgentTesla FormBook SnakeKeylogger NanoCore
111	bf95d1fc1d10de18b32654b123ad5e1f	LummaStealer Rhadamanthys Vidar ACRStealer
104	0b768923437678ce375719e30b21693e	Formbook MassLogger SnakeKeylogger AgentTesla
40	b34f154ec913d2d2c435cbd644e91687	GuLoader RemcosRAT EpsilonStealer AgentTesla
36	6e7f9a29f2c85394521a08b9f31f6275	GuLoader AgentTesla RemcosRAT VIPKeylogger
28	c990338f8145dc29c6f38fb73cf05c77	BlankGrabber ValleyRAT DiscordTokenStealer PythonStealer
24	f4639a0b3116c2cfc71144b88a929cfd	GuLoader Formbook VIPKeylogger Stealc
23	12e12319f1029ec4f8fcbed7e82df162	DCRat RedLineStealer Formbook SnakeKeylogger
20	a7c4b62062a898c7859aeb5101fe98e5	LummaStealer Stealc CoinMiner njrat

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
95	12288:iD6LPBCvMk0O9na1M80cLt9i5aIaTtpc4W:2+QGO9naz0Szi5anTtR	Mirai
94	12288:NbX5mTA3bZNKiG01B7crv+SF7GW5a65jx:tX5m83bZNKi3B7AZXa	Gafgyt
94	12288:ndLGtVtlmIHk6Rtx02O6R+9X8C5SGEzf:pGntlzJx02O6E9X8XG
93	12288:0GCt9AoZDmbOxeQPTyDez9kQ8jGMKhmmMnRpOeHc:Y9tZQO92DnhDmc
92	12288:7A84JF9Qc8GgZxTM6m1U3snB6NnVuqnAtSyBpywBdlEykR6LkV6N0L8AXwtZJHZz:/M6m1U3rVuqAtSySwY1gEIZB
91	6144:O/izeB+/ow3gK2lc5bvyI0vOHD6BZkDgn358cIF3RI5HkdY1FP98/8ecjfP:3BohHKTyfvOHD6ByD4WcIMkuDmEesP
90	12288:5D+Azf/CVCW3ISw+hRNb3W/aTyA9VV/cZWLnR98V+:5D+AznCVNIZ+vNbG/WYWrR98V
89	12288:XeBWVNQiXY8aap1qXG2YmzwcyxDKsFM+t9j+9+X:uQQAYLapnLmzwhtLy+t9j+
8	1536:nEbNn3E5sOq19Pj21ZXBbpuW+8nkSXeVSvhWy5UzS:+n3IxdpNkSXsKf5t	Mirai
7	1536:q9KnGSGYfkiu/ZwQNCJEHQXglNU6bO3d5yAMw1f91uwcWIWinluUsPMrQ:CEkiUZJNZHKMNU6ba4XwtsluUsPMk	Mirai

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
233	aae2f3e38383b629	119 x Formbook, 30 x SnakeKeylogger, 26 x AgentTesla
46	0000000000000000	15 x Formbook, 8 x SnakeKeylogger, 3 x AgentTesla
22	9494b494d4aeaeac	10 x DCRat, 3 x DeerStealer, 2 x GCleaner
21	cdabae6fe6e7eaec	7 x Amadey, 7 x AurotunStealer, 2 x PureLogsStealer
20	306296163498f230	6 x SnakeKeylogger, 2 x a310Logger, 2 x VIPKeylogger
20	ccb66361791992cc	10 x Formbook, 5 x VIPKeylogger, 2 x XWorm
13	40b974c4d4602858	6 x Formbook, 3 x SnakeKeylogger, 2 x a310Logger
12	f0e8ccb2d4d4f0f0	7 x Formbook, 2 x RemcosRAT, 1 x MassLogger
12	c6c2ccc4f4e0e0f8	2 x DiamotrixClipper, 1 x ValleyRAT
12	a808f89e88e02210	7 x VIPKeylogger, 5 x GuLoader