Statistics

Top Reporters Signatures (Malware Family) Most downloaded Malware Samples Most discussed Malware Samples Top voted Comments Most used tags Clamav signature File Types imphashes ssdeep

Number of submissions (past 30 days)


The chart below documents the number of submissions (unique malware samples) to MalwareBazaar per day over a period of 30 days.


Top Reporters


It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

RankReporterSubmissions
1Twitter @Marco_Ramilli962
2Twitter @abuse_ch904
3Twitter @viql737
4Twitter @SecuriteInfoCom549
5Twitter @jarumlus521
6Twitter @defconisov3r473
7Twitter @cocaman348
8Twitter @James_inthe_box156
9Twitter @c_APT_ure150
10Twitter @Jouliok146
11Twitter @Racco4281
12Twitter @oppimaniac60
13Twitter @w3ndige22
14Twitter @Jirehlov22
15Twitter @Threat_hunts21

Top Malware Family


Most seen malware family (signature) associated with malware samples on MalwareBazaar.

Most downloaded Malware Samples


Most downloaded malware samples on MalwareBazaar.

DownloadsMalware SampleTypeSignatureReporter
125c323a6d5290a134a8b6c374a20a5bf5091ae7923c5e0f64ecc89c559d4b1b34bExecutable exeTwitter @SecuriteInfoCom
76d4492a9eb36f87a9b3156b59052ebaf10e264d5d1ce4c015a6b0d205614e58e3Executable exeNefilimTwitter Anonymous
49937284137c84e1a192926206db0102c93764420508b2ff6bb6ab609cb7b55f9fExecutable exeFormBookTwitter @cocaman
44b8980e7c60ae987813f6202f7f38843291070a88751a1d1bbcc7e09ca880d23a rarGuLoaderTwitter @abuse_ch
4063eef1a118dca3958a1a77de696c8985dee37473999fd07303b67f89d4fd72e1Executable exeGuLoaderTwitter @cocaman
384abaa0068925eec792fe2351b6633412c258f35c52d5b524dfa122746cd7a00aVisual Basic Script (vbe) vbeTwitter @w3ndige
3727a84e0574d68f31b5bd99c73db55dfbb246ac98606e4db323398f2be74a393aVisual Basic Script (vbe) vbeTwitter @abuse_ch
37764553cbeade2cc41c018b08fb22381a32a6c475b86353458d8fbc1aab86afebExecutable exeTrickBotTwitter @abuse_ch
36d0fda976a26cacaadf44e1b4aaa8870bd013c840bf42bf1c43a2de34df8a56ae xzAgentTeslaTwitter @abuse_ch
354d71f1eab01045de9ae76ea248be7746bad70c12ad977eeb6e8f8e46bbce6395Word file docCobaltStrikeTwitter @cocaman
352ea5a4fb25528051254f255dc64913ca7d4faa1ecba2f40a55b536f871624fb9Executable exeFormbookTwitter @abuse_ch
35d88d7121c5380e8484773284ae4fbe0989d89fbf05b7cbcd2acc0001a553a85bWord file docNanoCoreTwitter @abuse_ch
340299150a64cbdf7b7ec5048b5ddab864171910cf4ed9da586a44caa2228be443Executable exeHawkEyeTwitter @cocaman
331a344f443cb63b15248b6ec7b7dcfe4d3b9cb68fa7ffd8cce0415963d0c81d62Excel file xlsTA505Twitter @dave_m
3262249a27a29418db42e58fdd7e2a41543d134f30d196ec181c3813c5ec96483eExecutable exeNanoCoreTwitter @abuse_ch

Most discussed Malware Samples


Most discussed (commented) malware samples on MalwareBazaar.

CommentsMalware SampleTypeSignature
47277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859 7zHawkEye
3e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23Executable exeAgentTesla
24489591775f245687f693d6c2463835297e0908c9f7501e53567bc9369a73b91 zip 
23fdc7380613344c2b9458117b45028516709b68c2b3ed296ac688378a46caae6 zip 
22cf671173d9af2f550adcb58b7c8aa914164d52400363680cf476af85b9bfab2Executable exeAgentTesla
2106c696661843eecc63c0fb98ddb77402172b50c7b33be3a59984531ce6a9b64 imgGuLoader
254698d6f3747b44eefd4c82f441994e909a48989fa4ea1a245b512fbf6f9386cHTML Application (hta) hta 
15ecdc843c22bf650e78bd9b4a533adabc49d0bfb8b183e9f1023862f1600ea8eDLL dll 
14e802539738578152d3255774e831b71bbc21d798bb672223e326c80e430713aExecutable exePony
1cc2c9b6a03c60515e48c738fdc2f6f8bb1c3a09a8997168f01d813f48a57925a gz 

Top voted Comments


Most voted comments on MalwareBazaar.

Avatar
Corsin Camichel commented on 2020-03-10 20:15:30 UTC

Subject: Inquiry N.134707
Sender: Orgiamo

Avatar
abuse.ch commented on 2020-03-14 17:32:14 UTC

HELO: lsm-ingenieure.de
Sending IP: 37.120.140.192
From: info@lsm-ingenieure.de
Reply-To: smtpf0x@akxez.com

Avatar
Peter Zuidema commented on 2020-03-17 15:03:41 UTC

downloaded from https://pastebin.com/raw/fvcvPx35, base64 encoded with '$' symbol thrown in to make it more difficult.

Top Tags


Most seen tags associated with malware samples on MalwareBazaar.

Top ClamAV signature


Most seen ClamAV signature detecting malware samples on MalwareBazaar.

Top File Types


Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes


Most seen imphashes on MalwareBazaar.

Malware SampleimphashTop 4 Signatures
1338f34d5f2d4577ed6d9ceec516c1f5a744njrat AgentTesla NanoCore RevengeRAT
131afcdf79be1557326c854b6e20cb900a7AgentTesla Loki NanoCore HawkEye
833405adb708f38a8c5b5ee1fd45dead95Sodinokibi
370239fd611af3d0e9b0c46c5837c80e09Loki
27c4c29c7e6a6897be412c7fedfcca8fe4Sodinokibi
273d95adbf13bbe79dc24dccb401c12091AgentTesla HawkEye Loki NetWire
185f0c90c109d16124e83cb7a25caef54fRemcosRAT FormBook
148837403953aca5b4da76227e6b03656fQuakbot
136d1f2b41411eacafcf447fc002d8cb00AZORult
12e89afcbcfdfa93008df71eedbaa248e8AgentTesla Loki FormBook

Top ssdeep hashes


Most seen ssdeep hashes on MalwareBazaar.

Malware SamplessdeepSignature(s)
371536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUGLoki
61536:lvqIPE8ddFD1frrq7gVxoNGPNJKF1m+xVE0/bK:cI8CxFVxAMNJKu+xVE0TKAveMariaRAT
61536:azvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:BSHIG6mQwGmfOQd8YhY0/EqUG
31536:FbYoyaC/lwKYGNhs3x09kX/t+Fy6sSxVE0eCK:XyaoG8L9kv47xVE09KAveMariaRAT
21536:5Csejmb+6BQyusX1UjtA0uWRf/eloc/9T1jVEyp:AtD6jSm0uWRfCogTjVEGAveMariaRAT
296:MvZUG5VoWxZOGsvMVyRFENYfN2oy4hM1NOO:uZUGZxYvBpvZANOO
23072:zrjZIXO52I2DsTUyEpf/Eg22wNGdAB3It8KlRB4uy:zrMHDYUFf/XyGd230ReuyHeodo
26144:OJZbXtDs2rDopAlNB7zQxlh2KdPj6W/SNOceRkq:OJZbDsp4NB7zs2KdG4SFeQuakbot
296:MvZUG5VoWx0OGsvMVyRFENYfN2oy4hM1NOO:uZUGZxJvBpvZANOO
21536:UnSncgyGqTDRXmGcwSCfZDalZNg9tvo0iO3AX4ApTvMEI1kzmt2l:2SnMuGc/CfZDap6COU45EIZtmPony