Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	@abuse_ch	2023-03-20	1'791
2	@zbetcheckin	2023-03-20	1'088
3	@ChainskiLabs	2023-03-20	389
4	@elfdigest	2023-03-20	283
5	@cocaman	2023-03-20	239
6	@andretavare5	2023-03-20	224
7	@JAMESWT_MHT	2023-03-20	223
8	@petikvx	2023-03-20	191
9	@SecuriteInfoCom	2023-03-20	151
10	@adrian__luca	2023-03-20	145
11	@lowmal3	2023-03-17	134
12	@jstrosch	2023-03-20	114
13	@pr0xylife	2023-03-20	101
14	@James_inthe_box	2023-03-19	78
15	@fabiodemartin	2023-03-20	67

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
1'143	Skystars_Malware_Imphash	Skystars LightDefender	2023-03-20
1'142	pe_imphash	None	2023-03-20
907	pdb_YARAify	@wowabiy314	2023-03-20
789	Windows_Trojan_Smokeloader_3687686f	Elastic Security	2023-03-20
674	linux_generic_ipv6_catcher	@_lubiedo	2023-03-20
648	myMirai	None	2023-03-20
599	MALWARE_Win_RedLine	ditekSHen	2023-03-20
554	unixredflags3	Tim Brown @timb_machine	2023-03-20
540	BitcoinAddress	Didier Stevens (@DidierStevens)	2023-03-20
360	Linux_Trojan_Gafgyt_28a2fe0c	Elastic Security	2023-03-20
325	meth_get_eip	Willi Ballenthin	2023-03-20
307	shellcode	nex	2023-03-20
305	setsockopt	Tim Brown @timb_machine	2023-03-20
237	PE_Digital_Certificate	albertzsigovits	2023-03-20
214	PE_Potentially_Signed_Digital_Certificate	albertzsigovits	2023-03-20

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
885	d0c1ac6f5df5c198d890adcc7f7f7cd6b8c9b9c81f78175677d45c5c045938dd	js	STRRAT	@abuse_ch
884	f5e9af8a842e3d0ab3b48e83151a43a1514ed4f8772da1819d27558b62901b3b	exe	AveMariaRAT	@abuse_ch
876	75e794dd1ddfe6d2585dc9031c32fa1c27515d08476d7d2dd52dd650bfbb934d	exe	njrat	@abuse_ch
865	061c271c0617e56aeb196c834fcab2d24755afa50cd95cc6a299d76be496a858	exe	Gozi	@0xToxin
847	89bad8eeff38f1e5ea58348314ee05352b1eb22d3a4ee8c15be9d0098779487e	exe	RedLineStealer	@zbetcheckin
774	f094258e2cc0b89d4ebac6f87e9061a13698435614fddc95b855718dd3e0c31c	exe	RedLineStealer	@abuse_ch
773	5bebe0a5a633bb72179113bca4fe7d0ac366ad77160eb85eeef4f7d8fdd29846	exe	DCRat	@abuse_ch
768	287c6eb55dc5eab6eb08b4345626b37569f8addb9c29ff12a8fabe2d9852d650	exe	RecordBreaker	@abuse_ch
674	07fa172e1404c76738226cefc6e5d45559430c9946e419ed089d9ae5690783f9	exe	Loki	@abuse_ch
673	09ddb64646d92e7c0187a53719ce98c46caad936ff3c525dcca29ea27db2a7cb	exe		@SecuriteInfoCom
648	3abea4ab1fa4c8497722e9b58c5981fbc90fefe5a1d0bda707bdabfe3c1bdb1f	exe	AveMariaRAT	@abuse_ch
622	1800b167dbdf8e9516259296c65c7039763a34900d55bb4a4ddb1b38785b323e	exe	njrat	@abuse_ch
610	6ecbc0d9795b7fa1869f113c5a05fca4d8ff17f2312ac8f973277989cf64a67b	exe	AsyncRAT	@ChainskiLabs
595	33a74190a5d5c9bf019083aeb8068c676ca044e3bf5d25d03ccbad22ee7b59f3	exe	DCRat	@abuse_ch
592	296985e566c978fc095ae09686f69f8ddc80a2b6f6b26dfab6ce11ddf7daab02	exe	AgentTesla	@zbetcheckin

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
1'067	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook SnakeKeylogger Loki
187	61259b55b8912888e90f516ca08dc514	Formbook AgentTesla GuLoader SnakeKeylogger
99	646167cce332c1c252cdcb1839e0cf48	RedLineStealer Amadey njrat Smoke Loader
78	d5555405ac36a198d312d7dfaf56a1ed	RedLineStealer Amadey Rhadamanthys Stop
47	8b512f0a0b2cd54ff600ee8ace8b2bd0	RedLineStealer Amadey Rhadamanthys Smoke Loader
43	6585b9b9ad7d80299a944a8f7e11d434	RedLineStealer Amadey Smoke Loader
43	9c97db954c6eab8dfde4a4fd207d98cc	RedLineStealer Amadey Stop LaplasClipper
30	a567e4b58eb4a1e8b4fddc91e9b45967	RedLineStealer Amadey LaplasClipper
26	884310b1928934402ea6fec1dbd3cf5e	GCleaner RedLineStealer Socelars Adware.InstallCore
25	a4182fd8d83730115cc46da88cd0978c	Amadey RedLineStealer Smoke Loader Gozi

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
9	768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8	Mirai
6	1536:PaAtVnz1/mUUNztiYmW6ihiYLTofs3wfpWIDNEJ7JC7:P/tVz1eUUfwN0T0f+whWONEJ7J	Mirai
5	12288:zNfg7ayYgZHRXnW0liwD8L9GlB/TSJRBzfVE/+AqD0eBkvkJl6h4MEFvhAkRoAG5:zRTyV2ZxybQvh9RoOUzux82V8P	Pikabot
5	24576:m1F4VX4ZsIETa80JWFst9LqGfEBz9terTMH9MbMx9upUenl6O:m1FWWbETahMszqGfu0rYHqbMxQpPl	RedLineStealer Amadey
4	6144:x5UguSWlTtbveMH2QRObpNSEmV5cvWeKwDWusJkUpCvpniMWJlHQhynq3W4qOmc/:x5JGFveBQETwyjdJiGEEgSo5Xw	Fabookie
4	24576:0LdkRpGh0fHRQSSbvuODeV8CBrRiO4rTdTlJr/fYO:eko0vRzSPDARizTlPr	RedLineStealer
4	24576:bogX4PvpDseL3ckNcZQrKxl3fXZ16b4PEPtYn1h7Xn6iZGyF:bdoPLrcepKfBG4PEED7XF	Amadey RedLineStealer
4	24576:hogX4PvpDseL3ckNcZQrKxl3fXZ16b4PEPtYn1h7Xn6iZGyF:hdoPLrcepKfBG4PEED7XF	RedLineStealer Amadey
3	24576:O1F4VX4ZsIETa80JWFst9LqGfEBz9terTMH9MbMx9upUenl6O:O1FWWbETahMszqGfu0rYHqbMxQpPl	RedLineStealer
3	24576:YLdkRpGh0fHRQSSbvuODeV8CBrRiO4rTdTlJr/fYO:Kko0vRzSPDARizTlPr	Amadey RedLineStealer

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
117	b2a89c96a2cada72	46 x Formbook, 39 x AgentTesla, 15 x SnakeKeylogger
100	f8f0f4c8c8c8d8f0	92 x RedLineStealer, 3 x Amadey, 1 x Lu0Bot
34	eeacac8cb6e2ba86	24 x SnakeKeylogger, 7 x AgentTesla
31	8ceaaa9abaa6ba00	31 x CryptBot
30	b298acbab2ca7a72	22 x GCleaner, 1 x RedLineStealer, 1 x LummaStealer
30	0000000000000000	4 x AgentTesla, 4 x RemcosRAT, 3 x AsyncRAT
29	d49e21a296968660	11 x AgentTesla, 9 x Loki, 8 x SnakeKeylogger
28	0018dac28a8eb898	18 x RedLineStealer, 10 x Amadey
28	70f0e6d4cca8f070	15 x AgentTesla, 6 x SnakeKeylogger, 5 x Loki
27	63032a23030a4222	23 x RedLineStealer, 4 x Amadey