Statistics

MalwareBazaar produces various statistics on malware samples shared, including their detections. The available statistics can be found below.

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	@abuse_ch	2021-08-03	1'534
2	@zbetcheckin	2021-08-03	1'149
3	@cocaman	2021-08-02	432
4	@JAMESWT_MHT	2021-08-02	221
5	@lowmal3	2021-08-02	137
6	@James_inthe_box	2021-08-02	124
7	@GovCERT_CH	2021-07-30	106
8	@SecuriteInfoCom	2021-08-03	103
9	@tolisec	2021-08-02	97
10	@malwarelabnet	2021-08-02	78
11	@malware_traffic	2021-07-30	27
12	@ArkbirdDevil	2021-08-02	27
13	@Racco42	2021-08-02	25
14	@TeamDreier	2021-08-02	15
15	@r3dbU7z	2021-08-01	14

Top Malware Families

Top Tags

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
2'278	e0b8c869d4a6c612c59a4a22eb1b61dbd751e7008dfdf8f9215621f95a484be2	exe	RaccoonStealer	@abuse_ch
2'263	e09956e3cf238362a12d4fb0c7748334980d447f45519302f059ee315c6a62eb	elf	Mirai	@zbetcheckin
2'242	2bbe0633d974bebe690876a221f84f1941220b9ccf9a5a000151babda8f443e1	elf	Mirai	@zbetcheckin
2'080	e6507f36045c13dee736bea44d61e90169ea69de61e9dc50b5743960c5b8f85a	exe	BlackNET	@abuse_ch
1'854	51efb42800bb7a82776d721f2c7485a2258036d43ca263a8c64ed1f30a650fde	elf	Mirai	@tolisec
1'848	e795060743fb5139f888e616204b46727365cac99ce03ccd29c7fc8df412baea	exe	RedLineStealer	Anonymous
1'842	db33ecbcd768469b698011c77e600e378e4225f8dc952b0fc9829b5ef61aa6c2	exe	QuasarRAT	@abuse_ch
1'840	c643f3d7a3da44116e51974aeeba114d184ab09ddde121e8283d73c60ee9b184	exe	QuasarRAT	@abuse_ch
1'774	3baa3afdc0dbd4cc6bd1db808eae12356bfe7bb8e4640d96116a38111367a5fd	exe	Pony	@abuse_ch
1'768	c4212b60e17b36e660d61ce38b7e9308aaadeaf815c05ab5d1edefed5c80be16	exe	RedLineStealer	@abuse_ch
1'735	c186924c9e23f60e9dea580f9d3435d36a24c95fc2e4b79c95933cf870650697	exe	AgentTesla	@abuse_ch
1'712	dde0d8980f77e3569f9d6c5e0c439e8dd8e2bba5fa2ae4d029ddcc4c1f3da134	exe	Formbook	@abuse_ch
1'710	028fe7d08ab916d5239ccd8bcfdcd885ddffdf3821abc01958490daeba45dbec	exe	Smoke Loader	@abuse_ch
1'705	5651c726a433d942eb9cdbe74c6631178fa3e243e0953e0a55f54f1752e05682	exe	Stop	@abuse_ch
1'698	851c23c1e7511cae9134da4086116a84a8c28405a0ba05f1a9654a518e2cd64d	exe	Dridex	@abuse_ch

CAPE Sandbox

Top detections by CAPE Sandbox for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
1'251	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook Loki njrat
27	77ea83f3db2bce57a4cf8f786a999acd	RaccoonStealer RedLineStealer Smoke Loader Glupteba
23	4328f7206db519cd4e82283211d98e83	RedLineStealer RaccoonStealer LegionLocker AgentTesla
20	fcf1390e9ce472c7270447fc5c61a0c1	DCRat NanoCore njrat RemcosRAT
19	be41bf7b8cc010b614bd36bbca606973	DanaBot CryptBot RedLineStealer DarkVNC
18	d09a478840961ad890ac4dc4d59be69d	Smoke Loader RaccoonStealer RedLineStealer DanaBot
18	e65b83417738f666152fabcdb3753ddc	RaccoonStealer Glupteba RedLineStealer CryptBot
18	c05041e01f84e1ccca9c4451f3b6a383	DiamondFox RedLineStealer NanoCore Formbook
14	e08a2aae7cff0b5149ba174a3d48f743	RedLineStealer RaccoonStealer DanaBot TeamBot
14	32569d67dc210c5cb9a759b08da2bdb3	RedLineStealer DiamondFox ArkeiStealer CryptBot

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
8	3072:/TNVO/QJHZcfFj4rwLQGTNO5VZLwHm7vuQTpZUyY6co:7O/QJHZweEL/NOjCHm7FZZnc	Mirai
5	12288:RcOqhpe5sWWUgjIkdcCMTOArWe/C36lAnm4vNOpRKa:R7q+sWiItCoCdv	RemcosRAT BitRAT
4	3072:phNlHuBafLeBtfCzpta8xlBIOdVo3/4sxLJ10xio:p3lOYoaja8xzx/0wsxzSi	Mirai
4	6144:QopQQy0mOTRcoy3DF/5892Rfx7iZ5a3c+Z5a9B923Aas9NFYtk7gp54t7qgnKj/Q:QeQQYwyzF/B1eSdILkqEpwAg/T	SnakeKeylogger
2	384:3Wf8yGcSdW+wRsCBkX/l+JVA8p1r/zYVB6MeUogrUr3QAl9ethuZAp:GJKCBcEVA8pt/AB6MI2Ur/lVAp
2	1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG	Loki Heodo
2	768:3ZcPoRy2wlffJVzhYIVAO5i8HxzvblQPFWX:3ZfuBsIeO5i8tvblQPFWX	Mirai
2	384:fIDU0VIjjfvae4zt8XF9489HdTwLvPV5l01yXA1dWJJ:wDU0qjhCWbdELvNr0EQ1dWT	Mirai
2	768:uaGZ3wtzj2vBnrqwepexWIzZLEIoCIoRig7OCW:ua03wtXo3zZLEIoARlOCW	Mirai
2	12288:Zc+NeyoDJLR7mWZ2b7B/u43mWZsdzFZRsUj:ERsUj

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
53	b271e8e4d4ccf070	15 x AgentTesla, 11 x SnakeKeylogger, 10 x Formbook
48	ead8ac9cc6e68ee0	17 x RaccoonStealer, 9 x RedLineStealer, 7 x DanaBot
38	ead8a89cc6e68ea0	13 x RaccoonStealer, 8 x DanaBot, 7 x RedLineStealer
36	ead8ac9cc6e68ea0	11 x RedLineStealer, 10 x RaccoonStealer, 9 x DanaBot
35	ead8a89cc6e68ee0	11 x RaccoonStealer, 9 x RedLineStealer, 9 x Smoke Loader
34	48b9b2b0e8c18c90	17 x RaccoonStealer, 5 x Smoke Loader, 3 x Glupteba
32	c4b4e6e69898d2c4	11 x Formbook, 9 x AgentTesla, 3 x Loki
30	489669d8d8699648	10 x AveMariaRAT, 9 x AgentTesla, 4 x NanoCore
29	f8dcbeffbffecee8	13 x AgentTesla, 7 x Formbook, 5 x Loki
25	4839b2b0e8c38c90	10 x RedLineStealer, 9 x RaccoonStealer, 2 x Smoke Loader