Statistics

Top Reporters Signatures (Malware Family) Most downloaded Malware Samples Most discussed Malware Samples Most used tags Clamav signature ReversingLabs CAPE Sandbox CERT.PL MWDB File Types imphashes ssdeep

Number of submissions (past 30 days)

The chart below documents the number of submissions (unique malware samples) to MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Submissions
1	@lazyactivist192	69'724
2	@abuse_ch	60'817
3	@Seifreed	48'946
4	@Cryptolaemus1	44'834
5	@JAMESWT_MHT	12'741
6	@SecuriteInfoCom	8'077
7	@cocaman	6'672
8	@FORMALITYDE	5'524
9	@jarumlus	5'257
10	@GovCERT_CH	3'469
11	@James_inthe_box	3'399
12	@ov3rflow1	2'339
13	@Jouliok	1'953
14	@malware_traffic	1'554
15	@lowmal3	1'222

Top Malware Family

Most seen malware family (signature) associated with malware samples on MalwareBazaar.

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
71'985	70ab26000929d26e0e4e567bd0dc4158054538485fcfd51dd4b60a534967814b	lzh	FirebirdRAT	@GovCERT_CH
2'552	f0ad6a854cc6b8511c0499267c59c3e9a987845c912f3da030dd5a2201978385	sh		@ov3rflow1
2'468	afb4b0092c76214b9ac99cf9c00ae56163916c04e7713bd56a38abf07a81a7d7	html		@TheGing3rm4n
2'448	02419de92a33a88bc17701008182ca9f7ea8d4645311b837b98738acdea83254	sh		@ov3rflow1
2'437	5470f0644589685000154cb7d3f60280acb16e39ca961cce2c016078b303bc1b	unknown		@Threat_hunts
2'434	455e09d22b9e9b172e5cf25a87f70c079bf97edc0295251a42f48211caf5043f	vbs		@creP_R2point0
2'431	7fad486d054e36626a9842c99b2ff58dbf9e264d8faf45b3376afa02f0e829a7	sh		@ov3rflow1
2'419	c2577719ac323c385fdae61c336d5582472c2441ac1ec0699ec0948305ae8786	sh		@ov3rflow1
2'418	42f8b10e4051c44e24067701b80674ac907fb49435cbb300e6b3fd6902d3de27	unknown		@ov3rflow1
2'417	37ed866abc19465aa2172d651bbd3ffe2836add54ba3065ff7189f1a75410d9f	unknown		@Marco_Ramilli
2'416	b4e670799c0a241b69b231fd9a1d3c2e2a29b4d4d67c9bf746c01a6f19b0210d	sh		@ov3rflow1
2'412	61043ee383ff19ba6d5e65e455dd8d1170f1f6365dfb9c9c0764171f519ceb55	sh		@ov3rflow1
2'411	cf932ebbd2a2684dec9a823f2c223ef1666a18683dc342f45d71d99508624e88	sh		@ov3rflow1
2'408	560393402e176329d8bf14ad5bef7ab8e1d079f62a569600bad6daba2ccd25e3	sh		@ov3rflow1
2'408	eb4fdda796cd2cfef2d7ba81951817d4dbda6b777ea0f55e83b9307fb5bd6145	sh		@ov3rflow1

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
11	ee52f756ae355c07f18ff833fb4277c78be6d673f33a7a1a2f0f246e9ebff910	unknown
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	361a0688f9302848b82d16ad1055bc9b6af14bcda81cc9020321664df4965e57	exe	AgentTesla
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top Tags

Most seen tags associated with malware samples on MalwareBazaar.

Top ClamAV signature

Most seen ClamAV signature detecting malware samples on MalwareBazaar.

ReversingLabs

Top threat name matching malware samples on MalwareBazaar.

CAPE Sandbox

Top detection matching malware samples on MalwareBazaar.

CERT.PL MWDB

Top malware family on MalwareBazaar.

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
36'003	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook njrat NanoCore
9'777	c9f7e018b269f1b5fe81cf757d6f8e93	Heodo
3'193	87bed5a7cba00c7e1f4015f1bdae2183	Netsky Rapid njrat VTFlooder
1'958	50f8a2255c4baf188eb0098c86160f78	Heodo
1'506	015974618e9105226f001019d35e62e5	Quakbot
1'451	676f4bc1db7fb9f072b157186a10179e	AveMariaRAT Riskware.Generic QuasarRAT
1'384	afcdf79be1557326c854b6e20cb900a7	AgentTesla RemcosRAT NanoCore QuasarRAT
1'367	6a92ab663de3ecd4063c87695c1ffbc2	Heodo TrickBot
1'240	0b23b9ad9f12b8fc28e61bff35382e32	TrickBot
1'078	756d47e140fb5764b6e625ca5c18a2db	Dridex

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
1'124	12288:J2+J+l5QvSoOUkQNPRoswLLjfsHJNF05s:AJl5QrrkQFCHspN4	Quakbot
1'123	12288:U2+J+l5QvSoOUkQGPRoswLLjfsHJNF05F:PJl5QrrkQOCHspN4	Quakbot
1'121	12288:l2+J+l5QvSoOUkQiPRoswLLjfsHJNF05h:8Jl5QrrkQaCHspN4	Quakbot
373	3072:IFNthWQl/rSJ7lvt9filcZritkrINAEYsm2:IBhWQ/mJLflrOAp2	Gozi Heodo
307	12288:xyP2Md2hn+tDKFtKwK5KLK6KYK5KlK3K1aoNl7Mv+lwVwy:grdO+tDKFQoNOml	TrickBot
180	384:fnqmQF9b8PdvtUuiyaFwrEnO2/7vUU2aGcuFjqZ5g:yme9bodlpkqkOOjUdaGciq5g	Quakbot
180	384:PnqmQF9b8PdvtUuiyaFwrEnO2/7vUyV2aGcuFjqZUb:Cme9bodlpkqkOOjU/aGciqUb	Quakbot
180	384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUU2aGcuFjqZ5g:Sme9bodlpkqkOOjUdaGciq5g	Quakbot
179	384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUjqN2aGcuFjqZM:Sme9bodlpkqkOOjUjqgaGciqM	Quakbot
179	384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUyV2aGcuFjqZUb:Sme9bodlpkqkOOjU/aGciqUb	Quakbot