Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	@abuse_ch	2021-09-26	1'984
2	@JAMESWT_MHT	2021-09-24	1'251
3	@zbetcheckin	2021-09-26	1'138
4	@GovCERT_CH	2021-09-24	360
5	@tolisec	2021-09-26	197
6	@cocaman	2021-09-24	187
7	@SecuriteInfoCom	2021-09-26	107
8	@malwarelabnet	2021-09-25	91
9	@James_inthe_box	2021-09-24	86
10	@r3dbU7z	2021-09-24	38
11	@adrian__luca	2021-09-24	38
12	@pr0xylife	2021-09-23	36
13	@ActorExpose	2021-09-22	34
14	@0x746f6d6669	2021-09-24	31
15	@pmelson	2021-09-24	28

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
1'504	Skystars_Malware_Imphash	Skystars LightDefender	2021-09-26
1'504	pe_imphash		2021-09-26
545	linux_generic_ipv6_catcher	@_lubiedo	2021-09-26
496	unixredflags3	Tim Brown @timb_machine	2021-09-26
494	INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture	ditekSHen	2021-09-26
458	MALWARE_Win_RedLine	ditekSHen	2021-09-26
292	INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients	ditekSHen	2021-09-26
228	win_raccoon_auto	Felix Bilstein	2021-09-26
206	AgentTeslaV3	ditekshen	2021-09-26
206	ach_AgentTesla_20200929	abuse.ch	2021-09-26
206	win_agent_tesla_v1	Johannes Bader @viql	2021-09-26
206	MALWARE_Win_AgentTeslaV3	ditekSHen	2021-09-26
174	SUSP_XORed_Mozilla	Florian Roth	2021-09-26
174	SUSP_XORed_Mozilla_RID2DB4	Florian Roth	2021-09-26
144	INDICATOR_SUSPICIOUS_Binary_References_Browsers	ditekSHen	2021-09-26

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
480	4c6abb682817fd6093d2edaa821ef0c9c9368db4d6be6dce152a45a9782afa27	vbs	NanoCore	@abuse_ch
474	07c88db437007f63707266efdc16363c6ddc6def76cdef5e35674f3e9283e3df	exe	AZORult	@abuse_ch
463	0257c2dba216209d6c9ad6e6096755efc9b4961018ebdceae8c931cdb62a650c	exe	NetWire	@abuse_ch
460	f5237b1e69da3a1f3483c1538311c9a7909fbe704106328921589508a3e3389b	exe	Heodo	@zbetcheckin
453	f6f17df29850bf734970fd18cc9c8fbf1e7cc901c2f0a823b1743c5866394254	exe	DanaBot	@zbetcheckin
453	c39e53a8a1d7e702ce379ee016e79448798adcc9ecf57854e0dffdf8e12aebd0	exe	njrat	@abuse_ch
452	d5cf8749638c96e98d4daae21da684b45da35fc3800247054ea6e8275a51a09d	exe	njrat	@abuse_ch
450	ac2f39e6983592b627cf68f8a4bfce8af561b52b38534581e710718dd4c2e404	exe	AZORult	@abuse_ch
450	dbd5e126cad149e95614507e63a255f2b26b9a4e539b7bcd25e7d8a1e2bd6e07	exe	njrat	@abuse_ch
449	c190212320707b257c00c6e79da0feb4f59202aab042d690c1ea6e158b5ea0a8	exe	NanoCore	@abuse_ch
447	82abbdee746d652b3300c458d251e3b858dfa66b287049608cd4eb3d6cf3b3f8	exe	DanaBot	@zbetcheckin
444	dd3ef1d4374dd7dc49463c38c92376a9f88e795c00a59bb33c28bc9513e50940	doc	Hancitor	@JAMESWT_MHT
442	cae812a6b8075600f07a4961f64478a269a03963914d161365f3c13083406214	exe	NanoCore	@abuse_ch
438	d3ead488ec0b44a97df99a563ee547a7ea505b2c26ccd03474a8d8493c359b84	exe	Heodo	@JAMESWT_MHT
433	e0ff6c10a2da6041b7e95a2de568382c964dd452130a1eb623fae64c7f480ba6	exe	Heodo	@JAMESWT_MHT

CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
1'323	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook Loki njrat
643	6668be91e2c948b183827f040944057f	Dridex
105	b76363e9cb88bf9390860da8e50999d2	Formbook SnakeKeylogger AgentTesla Loki
58	4328f7206db519cd4e82283211d98e83	RedLineStealer RaccoonStealer LegionLocker AgentTesla
50	cff62fa5d60c26268b201fcb5b9dc813	RedLineStealer RaccoonStealer CoinMiner ArkeiStealer
43	062d438af0a5427d47d2119e831026d3	RedLineStealer RaccoonStealer ArkeiStealer CoinMiner
42	13d097bc679769118a9ca1658020024c	RedLineStealer RaccoonStealer DanaBot Smoke Loader
33	dae02f32a21e03ce65412f6e56942daa	CobaltStrike YellowCockatoo SUNBURST MassLogger
32	4243f00363439be8c6e25a231537571b	RedLineStealer RaccoonStealer CoinMiner DanaBot
31	c32368f78c61cf2d9d6654d89861a9fe	ArkeiStealer

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
15	12288:9VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:kfP7fWsK5z9A+WGAW+V5SB6Ct4bnb	Dridex
15	12288:2VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:rfP7fWsK5z9A+WGAW+V5SB6Ct4bnb	Dridex
15	12288:QVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:VfP7fWsK5z9A+WGAW+V5SB6Ct4bnb	Dridex
14	12288:bVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:6fP7fWsK5z9A+WGAW+V5SB6Ct4bnb	Dridex
14	12288:HVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:ufP7fWsK5z9A+WGAW+V5SB6Ct4bnb	Dridex
13	12288:+VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:jfP7fWsK5z9A+WGAW+V5SB6Ct4bnb	Dridex
12	12288:uVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:zfP7fWsK5z9A+WGAW+V5SB6Ct4bnb	Dridex
12	12288:JVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:ofP7fWsK5z9A+WGAW+V5SB6Ct4bnb	Dridex
12	12288:WVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:LfP7fWsK5z9A+WGAW+V5SB6Ct4bnb	Dridex
11	12288:LVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:KfP7fWsK5z9A+WGAW+V5SB6Ct4bnb	Dridex

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
103	ead8ac9cc6a68ee0	42 x RedLineStealer, 33 x RaccoonStealer, 6 x ArkeiStealer
93	ead8ac9cc6e68ee0	33 x RedLineStealer, 27 x RaccoonStealer, 8 x Stop
58	b282b8a4a6929e9e	23 x Formbook, 19 x AgentTesla, 8 x SnakeKeylogger
57	399998ecd4d46c0e	45 x ArkeiStealer, 5 x Osiris, 2 x Hancitor
50	1072c093b0381906	16 x RedLineStealer, 10 x Stop, 8 x RaccoonStealer
39	b2a89c96a2cada72	8 x Formbook, 5 x RedLineStealer, 4 x RaccoonStealer
37	a28aa2e2e0aaa2a2	13 x Formbook, 10 x AgentTesla, 5 x SnakeKeylogger
34	71b119dcce576333	28 x TrickBot, 2 x BazaLoader, 1 x Heodo
33	327e7c7d727e6e76	12 x RedLineStealer, 12 x RaccoonStealer, 3 x Stop
30	1072c293b0381906	14 x RedLineStealer, 4 x DanaBot, 3 x Stop