Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	@zbetcheckin	2022-05-26	2'226
2	@abuse_ch	2022-05-26	1'033
3	@SecuriteInfoCom	2022-05-26	465
4	@GovCERT_CH	2022-05-26	298
5	@tolisec	2022-05-25	294
6	@JAMESWT_MHT	2022-05-26	283
7	@cocaman	2022-05-26	258
8	@pr0xylife	2022-05-26	211
9	@TeamDreier	2022-05-24	177
10	@httsmvkcom	2022-05-23	162
11	@lowmal3	2022-05-25	158
12	@obfusor	2022-05-26	136
13	@malwarelabnet	2022-05-26	78
14	@James_inthe_box	2022-05-26	76
15	@JaffaCakes118	2022-05-24	60

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
1'485	pe_imphash		2022-05-26
1'485	Skystars_Malware_Imphash	Skystars LightDefender	2022-05-26
822	crime_win64_emotet_unpacked	Rony (r0ny_123)	2022-05-26
517	linux_generic_ipv6_catcher	@_lubiedo	2022-05-25
512	myMirai		2022-05-26
392	unixredflags3	Tim Brown @timb_machine	2022-05-25
274	BitcoinAddress	Didier Stevens (@DidierStevens)	2022-05-26
272	MALWARE_Win_RedLine	ditekSHen	2022-05-26
220	SUSP_XORed_Mozilla	Florian Roth	2022-05-25
220	SUSP_XORed_Mozilla_RID2DB4	Florian Roth	2022-05-25
188	INDICATOR_SUSPICIOUS_Binary_References_Browsers	ditekSHen	2022-05-26
182	MAL_Lokibot_Stealer		2022-05-26
173	MALWARE_Win_AgentTeslaV3	ditekSHen	2022-05-26
145	SUSP_ELF_LNX_UPX_Compressed_File	Florian Roth	2022-05-25
140	Excel_Hidden_Macro_Sheet		2022-05-26

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
1'343	913db6d757a6f498a23cb1bbe7f8aa7f622bac41e86e52b698c9139be59fafc1	exe	Heodo	@zbetcheckin
990	788d36f9a89dc8f29496a8898a14f610cf2f93fe87c4267577dcf2c9be62ab7c	exe	njrat	@abuse_ch
972	a8f75cb7dfd647fc6a6afb6620abfcf3877cb47902dc16a653388cca05f20e24	exe	RedLineStealer	@abuse_ch
607	0285ce41301dcc6dfcf076c3a5897010a2c3c52f24016c2464a52d9124d5467b	exe	Formbook	@cocaman
529	b7dfe331c6260d43efacb7ca54ce480d64c832209d4c013371d76590bedc0ba4	exe	Loki	@zbetcheckin
521	3caaa84ffcbd28e8f6a95a11a8101508c06ee47dd00a93b0d52960e351e4a97c	exe	Formbook	@zbetcheckin
509	a1b424af1a1f0c7b572adb406b39914beca20139fb88b6e3b8161ed591cb78c8	exe	Loki	@zbetcheckin
508	b0773d0dcca492d5ac179ef976c7e8dbd2f8c251edd30ab02d89c7850b85d858	exe	AveMariaRAT	@zbetcheckin
506	4248e3a85f2ba76bb7757f263937e9e4f1bc1a26c3287464d146a96667a13e3a	exe	Nitol	@zbetcheckin
502	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6	exe	Loki	@zbetcheckin
495	a3ea19994f6afe8d3695fce60d60b7cfef4acb73bd71136433681d6d4f2e95ed	exe	RedLineStealer	@zbetcheckin
494	15e95bdb90694a66e3e5511d97120d46a5538778525933a967cb64728b9ebb39	js		@MichaelGalde
493	864448901d066f7fa4835e4c12341d60bf7f610d8c45577ac5749267535c243c	exe	AZORult	@abuse_ch
493	417b629a47d80e02ff1303a7582cd8ef8baba3ce6e1c1877bc1e0385bc76110c	exe	Loki	@zbetcheckin
492	8128437ec7c345a0ac4cc52ea079c0319c35b8da755955948f84579d87e87d61	exe	RedLineStealer	@zbetcheckin

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
1'419	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook Loki SnakeKeylogger
172	61259b55b8912888e90f516ca08dc514	GuLoader Formbook Loki RemcosRAT
151	b268dbaa2e6eb6acd16e04d482356598	Heodo
133	ad5c5b0f3e2e211c551f3b5059e614d7	Heodo
125	dbde2cec49d02964ab0aa40b1f723aff	Heodo
112	5c49ce3660f3f487a221bd7888983b24	Heodo
84	476d7c7f89dda8defebbeac0d5307181	Heodo
78	dfaffb91ffd6ccb2db2dd7341b2d718f	Heodo
70	55f3dfd13c0557d3e32bcbc604441dd3	Formbook Loki SnakeKeylogger RemcosRAT
66	073e9094df66da2c3d6e17b86c2a33ec	Heodo

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
10	768:pkZKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgAdCBn9kC+xbqc6q+otrvEVLcAo:p+Kpb8rGYrMPe3q7Q0XV5xtezEsi8/d5	Heodo SilentBuilder
9	12288:3sGDrsy7QD25IMRgmDBJzd4+vZiy80LlMXuuLp0rTXNlgPgBuLq:3sGnPIM9LpHVLspMQ4ML	Formbook AveMariaRAT RemcosRAT NetWire
7	96:gRYZxQOBpLyxIcymLKY8M991wuIaQPYPW:gRJObLyxIIYMdwuwPYPW
6	12288:TEujXx7EZyZCW10lLz/UzWxXhdzHbFsFKa9hAUsifQuVL:YOFEV8KvHe5hYiJ1	Quakbot
6	96:2RYZxQOBpLyxIcymLKY8M991wuIaQPYPW:2RJObLyxIIYMdwuwPYPW
6	12288:zWijNHVkFTo0x5H1ZWJZPcyhiX5qPdRJgb4RmIggE6gPgBuLq:zWixYT35H1485XITJgcRSv4ML	FormBook RemcosRAT DBatLoader
5	6144:EbmRW/X22TR72tKbxGeYkesyj1BQr6blJLUDblVpM54WWBKWuSIZ5ib0wj:E42Gi7/YpRBQrgI5M54riZYbf	Heodo
5	24576:bVo3aqHftvs0S8n4NAmqDq7GYdd0/yW6wJI8OMk2CcxiYFpD3:b	Quakbot
5	24576:8guIsJAkkCasjr6+aCuT8kt7fyIkd73h5:fWAVLTRhkRh	AveMariaRAT RemcosRAT BitRAT Formbook
5	96:oRYZxQOBpLyxIcymLKY8M991wuIaQPYPW:oRJObLyxIIYMdwuwPYPW

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
134	b2a89c96a2cada72	70 x Formbook, 47 x Loki, 7 x SnakeKeylogger
127	0000000000000000	45 x AgentTesla, 27 x Formbook, 18 x Loki
96	818da080a0a0a0a2	93 x Heodo, 1 x AsyncRAT
73	71b119dcce576333	70 x Heodo, 1 x Worm.Ramnit, 1 x YoungLotus
68	d2961d3133038ee8	22 x AgentTesla, 17 x FormBook, 8 x Loki
64	c0b0c6c8a896a0c0	20 x AgentTesla, 19 x Formbook, 12 x Loki
43	d4d4b2f2f0dcd4e8	43 x Heodo
42	65e4d2eaecc4d859	16 x AgentTesla, 7 x SnakeKeylogger, 7 x Loki
40	399998ecd4d46c0e	37 x Quakbot, 2 x SystemBC, 1 x Smoke Loader
30	10808a8c8c8a8010	12 x Formbook, 8 x RemcosRAT, 4 x AveMariaRAT