Statistics

Top Reporters Signatures (Malware Family) Most downloaded Malware Samples Most discussed Malware Samples Most used tags Clamav signature ReversingLabs CAPE Sandbox CERT.PL MWDB File Types imphashes ssdeep

Number of submissions (past 30 days)

The chart below documents the number of submissions (unique malware samples) to MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Submissions
1	@lazyactivist192	69'725
2	@abuse_ch	64'474
3	@Cryptolaemus1	54'191
4	@Seifreed	48'946
5	@c4llsec	20'907
6	@JAMESWT_MHT	13'098
7	@Libranalysis	11'453
8	@SecuriteInfoCom	8'442
9	@cocaman	7'471
10	@FORMALITYDE	5'539
11	@jarumlus	5'257
12	@GovCERT_CH	4'131
13	@James_inthe_box	3'687
14	@ov3rflow1	2'340
15	@Jouliok	1'960

Top Malware Family

Most seen malware family (signature) associated with malware samples on MalwareBazaar.

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
72'005	70ab26000929d26e0e4e567bd0dc4158054538485fcfd51dd4b60a534967814b	lzh	FirebirdRAT	@GovCERT_CH
2'575	f0ad6a854cc6b8511c0499267c59c3e9a987845c912f3da030dd5a2201978385	sh		@ov3rflow1
2'492	afb4b0092c76214b9ac99cf9c00ae56163916c04e7713bd56a38abf07a81a7d7	html		@TheGing3rm4n
2'467	02419de92a33a88bc17701008182ca9f7ea8d4645311b837b98738acdea83254	sh		@ov3rflow1
2'465	455e09d22b9e9b172e5cf25a87f70c079bf97edc0295251a42f48211caf5043f	vbs		@creP_R2point0
2'457	5470f0644589685000154cb7d3f60280acb16e39ca961cce2c016078b303bc1b	unknown		@Threat_hunts
2'452	7fad486d054e36626a9842c99b2ff58dbf9e264d8faf45b3376afa02f0e829a7	sh		@ov3rflow1
2'441	c2577719ac323c385fdae61c336d5582472c2441ac1ec0699ec0948305ae8786	sh		@ov3rflow1
2'439	42f8b10e4051c44e24067701b80674ac907fb49435cbb300e6b3fd6902d3de27	unknown		@ov3rflow1
2'439	37ed866abc19465aa2172d651bbd3ffe2836add54ba3065ff7189f1a75410d9f	unknown		@Marco_Ramilli
2'437	b4e670799c0a241b69b231fd9a1d3c2e2a29b4d4d67c9bf746c01a6f19b0210d	sh		@ov3rflow1
2'432	61043ee383ff19ba6d5e65e455dd8d1170f1f6365dfb9c9c0764171f519ceb55	sh		@ov3rflow1
2'431	cf932ebbd2a2684dec9a823f2c223ef1666a18683dc342f45d71d99508624e88	sh		@ov3rflow1
2'428	560393402e176329d8bf14ad5bef7ab8e1d079f62a569600bad6daba2ccd25e3	sh		@ov3rflow1
2'428	eb4fdda796cd2cfef2d7ba81951817d4dbda6b777ea0f55e83b9307fb5bd6145	sh		@ov3rflow1

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
11	ee52f756ae355c07f18ff833fb4277c78be6d673f33a7a1a2f0f246e9ebff910	unknown
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	6931b124d38d52bd7cdef48121fda457d407b63b59bb4e6ead4ce548f4bbb971	exe	DarkSide
2	69fac4fe77b6da550498724f01e6db66d5c18a19c185d824bf62afdaccb0a7d6	exe	Tinymet

Top Tags

Most seen tags associated with malware samples on MalwareBazaar.

Top ClamAV signature

Most seen ClamAV signature detecting malware samples on MalwareBazaar.

ReversingLabs

Top threat name matching malware samples on MalwareBazaar.

CAPE Sandbox

Top detection matching malware samples on MalwareBazaar.

CERT.PL MWDB

Top malware family on MalwareBazaar.

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
39'551	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook njrat NanoCore
9'777	c9f7e018b269f1b5fe81cf757d6f8e93	Heodo
6'720	987b9d7dc84d935c3675da82d40e06f2	Dridex Gozi Tofsee
3'221	87bed5a7cba00c7e1f4015f1bdae2183	IcedID Netsky Rapid njrat
2'180	433637d5d88b1ab11a7e5bfc30abfe93	Dridex
1'958	50f8a2255c4baf188eb0098c86160f78	Heodo
1'506	015974618e9105226f001019d35e62e5	Quakbot
1'451	676f4bc1db7fb9f072b157186a10179e	AveMariaRAT Riskware.Generic QuasarRAT
1'408	b84fd50f2389cfd5bd83e2cf062986d1	Dridex
1'397	afcdf79be1557326c854b6e20cb900a7	AgentTesla RemcosRAT NanoCore QuasarRAT

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
1'124	12288:J2+J+l5QvSoOUkQNPRoswLLjfsHJNF05s:AJl5QrrkQFCHspN4	Quakbot
1'123	12288:U2+J+l5QvSoOUkQGPRoswLLjfsHJNF05F:PJl5QrrkQOCHspN4	Quakbot
1'121	12288:l2+J+l5QvSoOUkQiPRoswLLjfsHJNF05h:8Jl5QrrkQaCHspN4	Quakbot
373	3072:IFNthWQl/rSJ7lvt9filcZritkrINAEYsm2:IBhWQ/mJLflrOAp2	Gozi Heodo
307	12288:xyP2Md2hn+tDKFtKwK5KLK6KYK5KlK3K1aoNl7Mv+lwVwy:grdO+tDKFQoNOml	TrickBot
180	384:fnqmQF9b8PdvtUuiyaFwrEnO2/7vUU2aGcuFjqZ5g:yme9bodlpkqkOOjUdaGciq5g	Quakbot
180	384:PnqmQF9b8PdvtUuiyaFwrEnO2/7vUyV2aGcuFjqZUb:Cme9bodlpkqkOOjU/aGciqUb	Quakbot
180	384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUU2aGcuFjqZ5g:Sme9bodlpkqkOOjUdaGciq5g	Quakbot
179	384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUjqN2aGcuFjqZM:Sme9bodlpkqkOOjUjqgaGciqM	Quakbot
179	384:/nqmQF9b8PdvtUuiyaFwrEnO2/7vUyV2aGcuFjqZUb:Sme9bodlpkqkOOjU/aGciqUb	Quakbot