Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	Neiki__	2023-06-01	1'746
2	abuse_ch	2023-06-02	1'575
3	zbetcheckin	2023-06-02	1'031
4	JAMESWT_MHT	2023-06-01	353
5	SecuriteInfoCom	2023-06-01	240
6	lowmal3	2023-06-01	197
7	andretavare5	2023-06-01	179
8	ChainskiLabs	2023-06-02	165
9	JaffaCakes118	2023-06-01	158
10	TeamDreier	2023-06-01	116
11	James_inthe_box	2023-06-01	81
12	pr0xylife	2023-06-01	74
13	threatcat_ch	2023-05-24	73
14	r3dbU7z	2023-06-01	72
15	adrian__luca	2023-05-29	59

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
1'468	Skystars_Malware_Imphash	Skystars LightDefender	2023-06-02
1'468	pe_imphash	None	2023-06-02
925	pdb_YARAify	@wowabiy314	2023-05-30
526	myMirai	None	2023-06-01
475	linux_generic_ipv6_catcher	@_lubiedo	2023-06-01
475	cobalt_strike_tmp01925d3f	The DFIR Report	2023-06-01
465	MALWARE_Win_RedLine	ditekSHen	2023-06-02
451	unixredflags3	Tim Brown @timb_machine	2023-06-01
408	INDICATOR_EXE_Packed_ConfuserEx	ditekSHen	2023-06-02
354	redline_stealer_1	Nikolaos 'n0t' Totosis	2023-06-02
335	BitcoinAddress	Didier Stevens (@DidierStevens)	2023-06-02
324	win_amadey_a9f4	Johannes Bader	2023-05-30
308	PE_Digital_Certificate	albertzsigovits	2023-06-01
265	PE_Potentially_Signed_Digital_Certificate	albertzsigovits	2023-06-01
245	Linux_Trojan_Gafgyt_28a2fe0c	Elastic Security	2023-06-01

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
1'304	20cf945541d245468ff9f86e3339a5ce537e33ed06951f3f2dcc6acdcf90a31e	exe	Fabookie	SecuriteInfoCom
924	7e7a3c1b228d54fb07952dac151a49c0620d8b82fff7723d0d856aad574c8634	exe		pmmkowalczyk
825	e4ff3d138daf42cc71613a0b2b9131e672ab42e3fc8f12779efa2f882985c40c	exe	Smoke Loader	zbetcheckin
431	9acece99f4c28d2bd3855e18ebdb8e5240be3521f89b6f0f9769c7216757e286	exe	Loki	threatcat_ch
409	d1d74ec1039ff5aab99faf99bf70fb07f6b4c763a0c2fbc08b702ec9dcb03834	exe		Anonymous
398	2c2c265388a6a35791a4bb896cfcfbb7f14022b3e0256dbb5e0c14b81e1a47dd	exe	Formbook	James_inthe_box
370	fcc9e86561e2eef4cb3d9be190882d9ce1596c5d673acf67a54a0f54f3722f1d	exe	Loki	Anonymous
366	6e3cf5c7cccc4369fbed86c4de5bb59d7bb40c1ced10cab8b0bc733299d45ea1	exe	RemcosRAT	James_inthe_box
356	fbdd2e5779904ac37f1a5322c29bc20cae75832553a0f519ed5f23a15e7f86ab	exe	njrat	abuse_ch
353	ba93ee7bb38e10c6b38fb3c37798ad618e20b4f3d5125bd8d5de77f23afc3dcd	exe	njrat	abuse_ch
350	a82b10031aa29d8164b9c4599148641ab843312a405e83775295d5001860849c	exe	RemcosRAT	jstrosch
349	4b96a2bc629d40819ad85f26579a704999ca4e9d544ee83e7e89752c7279891f	exe	RedLineStealer	zbetcheckin
344	36c9da9b5e0eb4cc9453f946144cdf968f3485a1f9e4d015d54a526865aa51a4	exe	GCleaner	zbetcheckin
343	69d565496f44573290fb467941ffb5635eb38eb62c3ebe538fb3c7fd1fc50197	exe		SecuriteInfoCom
343	accb38ba3b9d6dfd9ad074145c53f8970ded5799e75f028bf57c3f3af80dc298	exe	RedLineStealer	abuse_ch

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
1'791	646167cce332c1c252cdcb1839e0cf48	RedLineStealer Amadey njrat Lu0Bot
1'160	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook SnakeKeylogger Loki
63	61259b55b8912888e90f516ca08dc514	Formbook AgentTesla GuLoader SnakeKeylogger
28	e92b45c54aa05ec107d5ef90662e6b33	GCleaner
25	47e01530ad43ec939d1c47709a80a5c6	BumbleBee
21	bb27c4958c76443fcfe46f9765d838a2	Stop RedLineStealer GCleaner Amadey
19	bd191f6a78cc98a8bbe61db18ad8e9a2	Glupteba Smoke Loader ArkeiStealer Stop
18	dae02f32a21e03ce65412f6e56942daa	YellowCockatoo CobaltStrike MassLogger AsyncRAT
17	b78ecf47c0a3e24a6f4af114e2d1f5de	GuLoader CoinMiner Loki AgentTesla
17	697c6731df2df92c82c75859d21c5f77	Glupteba Stop Smoke Loader RedLineStealer

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
26	3072:2V+m5cNQmRSxWWAcP+DDXedh7Z58e8hk:2jwCUudh7z	RedLineStealer
13	3072:PV+m5chQmRSZQ1avem1eJwfUuMyNiOhjZR8e8hX:PjENURTIOhj7	RedLineStealer
10	3072:vV+m5cVQmRSx9WCEkEhPW67V8BjVhtZN8e8ht:vj4oihwlVht3	RedLineStealer
8	3072:oV+m5czQmRS9Ynk5QXNhhRbG5h5Zx8e8h/:ojKtM5h5b	RedLineStealer
7	1536:o2BGlTP+mZP61sEYDmRSNIgcscLDuRwH77+u8oxQKHbuxGBNM740wuei/Qv+R+Fn:6V+m5cvQmRSN90+82iTi74h9ZF8e8hU	RedLineStealer
7	12288:6tLTyenMEh/rI+Ea4seWbh1/PjsrCe3NsGTzbEr6JeUc/X016JNHJPXFk2LxvTr2:6tieMEe+HeWXjsldP3	Amadey RedLineStealer
5	3072:sV+m5c/QmRSNY7WKA7vGJv3xnhMZx8e8hp:sj2BUanhMb	RedLineStealer
5	1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG	Loki Heodo
4	6144:bDKW1Lgbdl0TBBvjc/XYrcjaYJ8CTzkLFEPrg7VuQJY2HK:vh1Lk70TnvjcvNJhUEGcOK	RedLineStealer
4	3072:FV+m5c/QmRSNAwMqLza9nDEFth2ZG8e8hR:Fj2FD0IQth2c	RedLineStealer

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
1'785	f8f0f4c8c8c8d8f0	1'171 x RedLineStealer, 605 x Amadey, 2 x CoinMiner
105	10f0d4d0d4d4cc33	105 x RedLineStealer
60	0000000000000000	17 x Loki, 15 x AgentTesla, 9 x Formbook
38	224472b2a0c04280	13 x AgentTesla, 10 x Formbook, 8 x Loki
34	b298acbab2ca7a72	29 x GCleaner, 1 x RecordBreaker, 1 x Stealc
33	b2a89c96a2cada72	13 x AgentTesla, 7 x Formbook, 4 x AveMariaRAT
28	0060696969714410	8 x AgentTesla, 7 x SnakeKeylogger, 7 x Loki
23	68ec9acaabd0dcf0	11 x Loki, 5 x AgentTesla, 4 x Formbook
22	5169ccd4b2968e96	10 x AgentTesla, 5 x Loki, 4 x Formbook
19	e869f1f070f03054	7 x Formbook, 5 x AgentTesla, 4 x Loki