Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	@zbetcheckin	2021-10-22	1'534
2	@abuse_ch	2021-10-22	1'514
3	@GovCERT_CH	2021-10-22	391
4	@SecuriteInfoCom	2021-10-22	336
5	@cocaman	2021-10-22	270
6	@tolisec	2021-10-22	256
7	@pr0xylife	2021-10-22	143
8	@lowmal3	2021-10-22	130
9	@JAMESWT_MHT	2021-10-22	103
10	@malwarelabnet	2021-10-22	98
11	@unidentified0xc	2021-10-16	80
12	@adrian__luca	2021-10-22	65
13	@JaffaCakes118	2021-10-22	63
14	@James_inthe_box	2021-10-22	57
15	@info_sec_ca	2021-10-22	23

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
1'393	Skystars_Malware_Imphash	Skystars LightDefender	2021-10-22
1'393	pe_imphash		2021-10-22
846	unixredflags3	Tim Brown @timb_machine	2021-10-22
771	linux_generic_ipv6_catcher	@_lubiedo	2021-10-22
448	INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture	ditekSHen	2021-10-22
263	AgentTeslaV3	ditekshen	2021-10-22
263	win_agent_tesla_v1	Johannes Bader @viql	2021-10-22
263	MALWARE_Win_AgentTeslaV3	ditekSHen	2021-10-22
260	ach_AgentTesla_20200929	abuse.ch	2021-10-22
235	SUSP_XORed_Mozilla	Florian Roth	2021-10-22
235	SUSP_XORed_Mozilla_RID2DB4	Florian Roth	2021-10-22
208	BitcoinAddress	Didier Stevens (@DidierStevens)	2021-10-22
204	MALWARE_Win_RedLine	ditekSHen	2021-10-22
185	SUSP_ELF_LNX_UPX_Compressed_File	Florian Roth	2021-10-22
170	enterpriseapps2	Tim Brown @timb_machine	2021-10-22

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
554	94036ecca794753179e68c331482c2b42b0c06a067169c8b004fad4e7dda673a	exe	RaccoonStealer	@abuse_ch
548	3737e2198a159ed5a530bf687d8cb40ca6c284db86d4bd076affefffc3a5ef0a	exe	ShikataGaNai	@zbetcheckin
544	ee72d76436717cfab41a33950d641e7e6820d23369b21fe937cc2fc2549c6869	exe	RaccoonStealer	@abuse_ch
543	175857c3f9480499cf56d30f394f885d51ac9ef05bbc1d6bd86d3b4af393c261	exe	RaccoonStealer	@abuse_ch
540	40c987e5f3c9bd1cd458ac2212623378e5c9832190371e232e48a726221db255	exe	RedLineStealer	Anonymous
536	afe55746d2518c2515aa74761b02e6f7236de7bb1baefd81230fa9411628bee1	exe	RedLineStealer	Anonymous
535	9534643f38e9d47c07b32097a951351d0b24da96927b5dc8f9e84e9cb371915e	exe	RedLineStealer	Anonymous
534	e1cc6919dab72162001993bd37c43673104428f21b696bd51e934112f8cfbb35	exe	njrat	@abuse_ch
529	c7faae85681abe125b9a81b798daf845c62ddab8014784b6fd1b184b02d5a22b	exe	RedLineStealer	Anonymous
523	cc98ee14bc8504ed2dae9d010c7f209775de51f9f31086814e2fb6b42baa7cb5	exe	RaccoonStealer	@abuse_ch
519	97dbb2b9d161dd2b5f26eb48acef6ef70701b75a75b2d281e3dbb7fd946de319	exe	RaccoonStealer	@abuse_ch
514	0be3682accde2a88d78e2516998a4e19a01d116a1a66fadf903b60326b92cca8	exe	AgentTesla	@SecuriteInfoCom
513	b43dde5ca3d23d16af5bf34c522869dff9624a78be67dfc3acde5c81ef24d318	exe	OskiStealer	@abuse_ch
507	e45562980424366481dbd17982b5773aa120d0c6410a0d45ef4daa156ca7c478	exe	RaccoonStealer	@abuse_ch
507	6c2ad98af84288aff6f49ae92f9f71befbfaa4ac35d1a05b1441f1ce15124ee0	exe	TeamBot	@abuse_ch

CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
1'230	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook Loki njrat
183	b76363e9cb88bf9390860da8e50999d2	Formbook AgentTesla SnakeKeylogger Loki
63	4328f7206db519cd4e82283211d98e83	RedLineStealer DCRat RaccoonStealer CoinMiner
28	fcf1390e9ce472c7270447fc5c61a0c1	NanoCore DCRat njrat RemcosRAT
18	0aa8675e96bbc2351e2af940f447c93e	RedLineStealer Loki Smoke Loader Stop
16	c7269d59926fa4252270f407e4dab043	ServHelper CobaltStrike
16	33155a730e036f2480434cae8e547169	RaccoonStealer CryptBot TeamBot DanaBot
15	25e96726029c322936cf0033b6a07058	RedLineStealer Smoke Loader Formbook Loki
14	c05041e01f84e1ccca9c4451f3b6a383	DiamondFox RedLineStealer RaccoonStealer Adware.FileTour
14	be41bf7b8cc010b614bd36bbca606973	DanaBot CryptBot RedLineStealer DarkVNC

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
8	1536:S5Z4fJ6tL/yXFeL5zvL5nrHwcA7WhKpQY:S5ZIs5LL5nEcAihWN	Mirai
6	1536:EaDIpuRZhJRAAMA+xVZtWaWhK3+y6MdD:EaIe6ZtWhhQ1dD	Mirai
6	6144:5Kpb8rGYrMPe3q7Q0XV5xtuEsi8/dg59jWvcZZdtjq15OD7IvOEPD0lgvS3enw7I:U9jFrjmkD7IvLDK3vLvfn1+2G	SilentBuilder
6	1536:StnwsWjjS5+8hEWZc+mQM4fJL4Okw/RqO1do3YpPz9I5iY5UJ/k:MWjA+QEWZbbZx4OjcO3o3H5UJ/k	Mirai
5	6144:5Kpb8rGYrMPe3q7Q0XV5xtuEsi8/dg59jWvcZZdtjq15OD7IvOEPD0lgvS3enw7o:U9jFrjmkD7IvLDK3vLvfn1+2m	SilentBuilder
5	1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG	Loki Heodo
4	12288:Zz7yBuBh3IpMiw4Ef6MU4ntMe1AofagCuOqPQkH5a:VwuBhfkMUe11fCuZPt	Quakbot
4	12288:7NP2qgMhn9VbKac3cM15xIKR5pduDkgcKOuCEUz+ovYJXA8ZRA5cXO/+uBY2F0cC:RPp2abM15xIxD4KXJg/vYRbKDBhF1TSz	TrickBot
4	12288:Jz7yBuBh3IpMiw4Ef6MU4ntMe1AofagCuOqPQkH59:FwuBhfkMUe11fCuZPt	Quakbot
3	12288:+z7yduBV3IpMiw44f6Mw4ntMe5AofygCuOqPLkH5:mMuBVfQMwe51HCuZPQ	Quakbot

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
118	b2a89c96a2cada72	56 x Formbook, 25 x Loki, 9 x AgentTesla
56	ead8ac9cc6a68ee0	31 x RedLineStealer, 7 x Smoke Loader, 5 x DanaBot
47	1003873d31213f10	42 x GuLoader, 2 x Formbook, 1 x Gozi
35	69e1c892f664c888	32 x GuLoader, 3 x AgentTesla
27	aad8ac9cc6a68ee0	10 x RedLineStealer, 5 x Smoke Loader, 5 x RaccoonStealer
26	71b119dcce576333	23 x TrickBot, 3 x BazaLoader
25	ead8ac9cc6e68ee0	8 x RedLineStealer, 4 x ArkeiStealer, 3 x Smoke Loader
25	88a28e9494aa94d2	14 x AgentTesla, 5 x Formbook, 2 x AsyncRAT
22	e884030dcedeb4e8	12 x AgentTesla, 7 x Loki, 1 x NanoCore
21	c4f0d0d4d0d4d4d4	13 x RemcosRAT, 7 x Formbook, 1 x AveMariaRAT