Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Malware sample shared


The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.


Top Reporters


It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

RankReporterLast activitySubmissions
1Twitter @abuse_ch2021-08-031'534
2Twitter @zbetcheckin2021-08-031'149
3Twitter @cocaman2021-08-02432
4Twitter @JAMESWT_MHT2021-08-02221
5Twitter @lowmal32021-08-02137
6Twitter @James_inthe_box2021-08-02124
7Twitter @GovCERT_CH2021-07-30106
8Twitter @SecuriteInfoCom2021-08-03103
9Twitter @tolisec2021-08-0297
10Twitter @malwarelabnet2021-08-0278
11Twitter @malware_traffic2021-07-3027
12Twitter @ArkbirdDevil2021-08-0227
13Twitter @Racco422021-08-0225
14Twitter @TeamDreier2021-08-0215
15Twitter @r3dbU7z2021-08-0114

Top Malware Families

Top Tags

Most downloaded Malware Samples


Most downloaded malware samples on MalwareBazaar.

DownloadsMalware SampleTypeSignatureReporter
2'278e0b8c869d4a6c612c59a4a22eb1b61dbd751e7008dfdf8f9215621f95a484be2Executable exeRaccoonStealerTwitter @abuse_ch
2'263e09956e3cf238362a12d4fb0c7748334980d447f45519302f059ee315c6a62eb elfMiraiTwitter @zbetcheckin
2'2422bbe0633d974bebe690876a221f84f1941220b9ccf9a5a000151babda8f443e1 elfMiraiTwitter @zbetcheckin
2'080e6507f36045c13dee736bea44d61e90169ea69de61e9dc50b5743960c5b8f85aExecutable exeBlackNETTwitter @abuse_ch
1'85451efb42800bb7a82776d721f2c7485a2258036d43ca263a8c64ed1f30a650fde elfMiraiTwitter @tolisec
1'848e795060743fb5139f888e616204b46727365cac99ce03ccd29c7fc8df412baeaExecutable exeRedLineStealerTwitter Anonymous
1'842db33ecbcd768469b698011c77e600e378e4225f8dc952b0fc9829b5ef61aa6c2Executable exeQuasarRATTwitter @abuse_ch
1'840c643f3d7a3da44116e51974aeeba114d184ab09ddde121e8283d73c60ee9b184Executable exeQuasarRATTwitter @abuse_ch
1'7743baa3afdc0dbd4cc6bd1db808eae12356bfe7bb8e4640d96116a38111367a5fdExecutable exePonyTwitter @abuse_ch
1'768c4212b60e17b36e660d61ce38b7e9308aaadeaf815c05ab5d1edefed5c80be16Executable exeRedLineStealerTwitter @abuse_ch
1'735c186924c9e23f60e9dea580f9d3435d36a24c95fc2e4b79c95933cf870650697Executable exeAgentTeslaTwitter @abuse_ch
1'712dde0d8980f77e3569f9d6c5e0c439e8dd8e2bba5fa2ae4d029ddcc4c1f3da134Executable exeFormbookTwitter @abuse_ch
1'710028fe7d08ab916d5239ccd8bcfdcd885ddffdf3821abc01958490daeba45dbecExecutable exeSmoke LoaderTwitter @abuse_ch
1'7055651c726a433d942eb9cdbe74c6631178fa3e243e0953e0a55f54f1752e05682Executable exeStopTwitter @abuse_ch
1'698851c23c1e7511cae9134da4086116a84a8c28405a0ba05f1a9654a518e2cd64dExecutable exeDridexTwitter @abuse_ch

CAPE Sandbox CAPE Sandbox


Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV ClamAV


Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer Intezer


Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox Joe Sandbox


Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB CERT.PL MWDB


Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs ReversingLabs


Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray Threatray


Top detections by Threatray for malware samples on MalwareBazaar.

Triage Triage


Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe UnpacMe


Top detections by UnpacMe for malware samples on MalwareBazaar.

Most discussed Malware Samples


Most discussed (commented) malware samples on MalwareBazaar.

CommentsMalware SampleTypeSignature
1097bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259dExcel file xlsDridex
6d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77bExecutable exeTrickBot
47277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859 7zHawkEye
3f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3 zipAgentTesla
3e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23Executable exeAgentTesla
30994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550Executable exeTrickBot
3667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83Word file docPhobos
2df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edcaHTML Application (hta) hta 
22b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7Executable exeStop
2251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379 zip 

Top File Types


Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes


Most seen imphashes on MalwareBazaar.

Malware SampleimphashTop 4 Signatures
1'251f34d5f2d4577ed6d9ceec516c1f5a744AgentTesla Formbook Loki njrat
2777ea83f3db2bce57a4cf8f786a999acdRaccoonStealer RedLineStealer Smoke Loader Glupteba
234328f7206db519cd4e82283211d98e83RedLineStealer RaccoonStealer LegionLocker AgentTesla
20fcf1390e9ce472c7270447fc5c61a0c1DCRat NanoCore njrat RemcosRAT
19be41bf7b8cc010b614bd36bbca606973DanaBot CryptBot RedLineStealer DarkVNC
18d09a478840961ad890ac4dc4d59be69dSmoke Loader RaccoonStealer RedLineStealer DanaBot
18e65b83417738f666152fabcdb3753ddcRaccoonStealer Glupteba RedLineStealer CryptBot
18c05041e01f84e1ccca9c4451f3b6a383DiamondFox RedLineStealer NanoCore Formbook
14e08a2aae7cff0b5149ba174a3d48f743RedLineStealer RaccoonStealer DanaBot TeamBot
1432569d67dc210c5cb9a759b08da2bdb3RedLineStealer DiamondFox ArkeiStealer CryptBot

Top ssdeep hashes


Most seen ssdeep hashes on MalwareBazaar.

Malware SamplessdeepSignature(s)
83072:/TNVO/QJHZcfFj4rwLQGTNO5VZLwHm7vuQTpZUyY6co:7O/QJHZweEL/NOjCHm7FZZncMirai
512288:RcOqhpe5sWWUgjIkdcCMTOArWe/C36lAnm4vNOpRKa:R7q+sWiItCoCdvRemcosRAT BitRAT
43072:phNlHuBafLeBtfCzpta8xlBIOdVo3/4sxLJ10xio:p3lOYoaja8xzx/0wsxzSiMirai
46144:QopQQy0mOTRcoy3DF/5892Rfx7iZ5a3c+Z5a9B923Aas9NFYtk7gp54t7qgnKj/Q:QeQQYwyzF/B1eSdILkqEpwAg/TSnakeKeylogger
2384:3Wf8yGcSdW+wRsCBkX/l+JVA8p1r/zYVB6MeUogrUr3QAl9ethuZAp:GJKCBcEVA8pt/AB6MI2Ur/lVAp
21536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUGLoki Heodo
2768:3ZcPoRy2wlffJVzhYIVAO5i8HxzvblQPFWX:3ZfuBsIeO5i8tvblQPFWXMirai
2384:fIDU0VIjjfvae4zt8XF9489HdTwLvPV5l01yXA1dWJJ:wDU0qjhCWbdELvNr0EQ1dWTMirai
2768:uaGZ3wtzj2vBnrqwepexWIzZLEIoCIoRig7OCW:ua03wtXo3zZLEIoARlOCWMirai
212288:Zc+NeyoDJLR7mWZ2b7B/u43mWZsdzFZRsUj:ERsUj

Top dhash icon


Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sampledhash iconSignature(s)
53b271e8e4d4ccf07015 x AgentTesla, 11 x SnakeKeylogger, 10 x Formbook
48ead8ac9cc6e68ee017 x RaccoonStealer, 9 x RedLineStealer, 7 x DanaBot
38ead8a89cc6e68ea013 x RaccoonStealer, 8 x DanaBot, 7 x RedLineStealer
36ead8ac9cc6e68ea011 x RedLineStealer, 10 x RaccoonStealer, 9 x DanaBot
35ead8a89cc6e68ee011 x RaccoonStealer, 9 x RedLineStealer, 9 x Smoke Loader
3448b9b2b0e8c18c9017 x RaccoonStealer, 5 x Smoke Loader, 3 x Glupteba
32c4b4e6e69898d2c411 x Formbook, 9 x AgentTesla, 3 x Loki
30489669d8d869964810 x AveMariaRAT, 9 x AgentTesla, 4 x NanoCore
29f8dcbeffbffecee813 x AgentTesla, 7 x Formbook, 5 x Loki
254839b2b0e8c38c9010 x RedLineStealer, 9 x RaccoonStealer, 2 x Smoke Loader

Malware sample shared


The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 12 months.


Top Reporters


It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

RankReporterLast activitySubmissions
1Twitter @abuse_ch2021-08-0372'375
2Twitter @lazyactivist1922021-04-2669'725
3Twitter @Cryptolaemus12021-06-1754'205
4Twitter @Seifreed2020-11-1848'946
5Twitter @c4llsec2021-05-1923'982
6Twitter @Libranalysis2021-07-1917'024
7Twitter @JAMESWT_MHT2021-08-0213'857
8Twitter @cocaman2021-08-029'296
9Twitter @SecuriteInfoCom2021-08-039'146
10Twitter @FORMALITYDE2021-06-145'544
11Twitter @jarumlus2020-11-235'257
12Twitter @GovCERT_CH2021-07-305'031
13Twitter @zbetcheckin2021-08-034'952
14Twitter @James_inthe_box2021-08-024'454
15Twitter @ov3rflow12021-04-232'340

Top Malware Families

Top Tags

Most downloaded Malware Samples


Most downloaded malware samples on MalwareBazaar.

DownloadsMalware SampleTypeSignatureReporter
72'02170ab26000929d26e0e4e567bd0dc4158054538485fcfd51dd4b60a534967814b lzhFirebirdRATTwitter @GovCERT_CH
2'605759ef75e133383af768b2be302dc256ad4e6720fb64eda70af76954dd29caf73Word file docPonyTwitter @abuse_ch
2'592f0ad6a854cc6b8511c0499267c59c3e9a987845c912f3da030dd5a2201978385 sh Twitter @ov3rflow1
2'501afb4b0092c76214b9ac99cf9c00ae56163916c04e7713bd56a38abf07a81a7d7 html Twitter @TheGing3rm4n
2'47502419de92a33a88bc17701008182ca9f7ea8d4645311b837b98738acdea83254 sh Twitter @ov3rflow1
2'47510547fbcab56e5eeced75b4db50aac92a2eafe3581ad35018e27ea840b6abcb6Excel file xlsGet2Twitter @ffforward
2'474455e09d22b9e9b172e5cf25a87f70c079bf97edc0295251a42f48211caf5043fVisual Basic Script (vbs) vbs Twitter @creP_R2point0
2'46047b9b9ddc9f9e6c66cd6ea322a51bec7b843502b30db19f119fa59794ee19cd6Excel file xlsTA505Twitter @erdbaerkuchen
2'4607fad486d054e36626a9842c99b2ff58dbf9e264d8faf45b3376afa02f0e829a7 sh Twitter @ov3rflow1
2'4589ad7ce27ce7da3c4b2639771869b20b78fff34f32dab3355c2be2980e708ab07DLL dllGet2Twitter @ffforward
2'446c2577719ac323c385fdae61c336d5582472c2441ac1ec0699ec0948305ae8786 sh Twitter @ov3rflow1
2'441b4e670799c0a241b69b231fd9a1d3c2e2a29b4d4d67c9bf746c01a6f19b0210d sh Twitter @ov3rflow1
2'43761043ee383ff19ba6d5e65e455dd8d1170f1f6365dfb9c9c0764171f519ceb55 sh Twitter @ov3rflow1
2'435cf932ebbd2a2684dec9a823f2c223ef1666a18683dc342f45d71d99508624e88 sh Twitter @ov3rflow1
2'434560393402e176329d8bf14ad5bef7ab8e1d079f62a569600bad6daba2ccd25e3 sh Twitter @ov3rflow1

CAPE Sandbox CAPE Sandbox


Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV ClamAV


Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer Intezer


Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox Joe Sandbox


Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB CERT.PL MWDB


Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs ReversingLabs


Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray Threatray


Top detections by Threatray for malware samples on MalwareBazaar.

Triage Triage


Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe UnpacMe


Top detections by UnpacMe for malware samples on MalwareBazaar.

Most discussed Malware Samples


Most discussed (commented) malware samples on MalwareBazaar.

CommentsMalware SampleTypeSignature
1097bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259dExcel file xlsDridex
6d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77bExecutable exeTrickBot
47277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859 7zHawkEye
3f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3 zipAgentTesla
3e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23Executable exeAgentTesla
30994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550Executable exeTrickBot
3667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83Word file docPhobos
2df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edcaHTML Application (hta) hta 
22b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7Executable exeStop
2251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379 zip 

Top File Types


Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes


Most seen imphashes on MalwareBazaar.

Malware SampleimphashTop 4 Signatures
46'620f34d5f2d4577ed6d9ceec516c1f5a744AgentTesla Formbook Loki njrat
9'777c9f7e018b269f1b5fe81cf757d6f8e93Heodo
8'608987b9d7dc84d935c3675da82d40e06f2Dridex Gozi Tofsee VelvetSweatshopDridex
3'22487bed5a7cba00c7e1f4015f1bdae2183IcedID TrickBot Netsky Rapid
2'180433637d5d88b1ab11a7e5bfc30abfe93Dridex
1'95850f8a2255c4baf188eb0098c86160f78Heodo
1'723d20e8b584b1e294911b88a699c987910Dridex
1'586f71b9cb9891e9cf4bae79d2b5aa115c6Dridex
1'506015974618e9105226f001019d35e62e5Quakbot
1'451676f4bc1db7fb9f072b157186a10179eAveMariaRAT Riskware.Generic QuasarRAT

Top ssdeep hashes


Most seen ssdeep hashes on MalwareBazaar.

Malware SamplessdeepSignature(s)
1'12412288:J2+J+l5QvSoOUkQNPRoswLLjfsHJNF05s:AJl5QrrkQFCHspN4Quakbot
1'12312288:U2+J+l5QvSoOUkQGPRoswLLjfsHJNF05F:PJl5QrrkQOCHspN4Quakbot
1'12112288:l2+J+l5QvSoOUkQiPRoswLLjfsHJNF05h:8Jl5QrrkQaCHspN4Quakbot
3733072:IFNthWQl/rSJ7lvt9filcZritkrINAEYsm2:IBhWQ/mJLflrOAp2Gozi Heodo
30712288:xyP2Md2hn+tDKFtKwK5KLK6KYK5KlK3K1aoNl7Mv+lwVwy:grdO+tDKFQoNOmlTrickBot
180384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUU2aGcuFjqZ5g:Sme9bodlpkqkOOjUdaGciq5gQuakbot
180384:PnqmQF9b8PdvtUuiyaFwrEnO2/7vUyV2aGcuFjqZUb:Cme9bodlpkqkOOjU/aGciqUbQuakbot
180384:fnqmQF9b8PdvtUuiyaFwrEnO2/7vUU2aGcuFjqZ5g:yme9bodlpkqkOOjUdaGciq5gQuakbot
179384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUjqN2aGcuFjqZM:Sme9bodlpkqkOOjUjqgaGciqMQuakbot
179384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUyV2aGcuFjqZUb:Sme9bodlpkqkOOjU/aGciqUbQuakbot

Top dhash icon


Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sampledhash iconSignature(s)
53b271e8e4d4ccf07015 x AgentTesla, 11 x SnakeKeylogger, 10 x Formbook
48ead8ac9cc6e68ee017 x RaccoonStealer, 9 x RedLineStealer, 7 x DanaBot
38ead8a89cc6e68ea013 x RaccoonStealer, 8 x DanaBot, 7 x RedLineStealer
36ead8ac9cc6e68ea011 x RedLineStealer, 10 x RaccoonStealer, 9 x DanaBot
35ead8a89cc6e68ee011 x RaccoonStealer, 9 x RedLineStealer, 9 x Smoke Loader
3448b9b2b0e8c18c9017 x RaccoonStealer, 5 x Smoke Loader, 3 x Glupteba
32c4b4e6e69898d2c411 x Formbook, 9 x AgentTesla, 3 x Loki
30489669d8d869964810 x AveMariaRAT, 9 x AgentTesla, 4 x NanoCore
29f8dcbeffbffecee813 x AgentTesla, 7 x Formbook, 5 x Loki
254839b2b0e8c38c9010 x RedLineStealer, 9 x RaccoonStealer, 2 x Smoke Loader