Statistics

MalwareBazaar produces detailed statistics on shared malware samples, including associated detections - find the available statistics below.

You can also access Spamhaus's Malware Digest report, based on MalwareBazaar data:

https://www.spamhaus.org/malware-digest/#malwarebazaar

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	abuse_ch	2025-01-18	2'693
2	adrian__luca	2025-01-13	595
3	threatcat_ch	2025-01-17	566
4	JAMESWT_MHT	2025-01-17	363
5	zhuzhu0009	2025-01-17	223
6	cocaman	2025-01-17	178
7	aachum	2025-01-17	157
8	lontze7	2025-01-17	128
9	Joker	2025-01-17	120
10	lowmal3	2025-01-17	87
11	kafan_shengui	2025-01-17	80
12	TeamDreier	2025-01-17	76
13	MrMalware	2025-01-15	53
14	threatquery	2025-01-17	42
15	elfdigest	2025-01-16	41

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
18'608	DebuggerCheck__API	None	2025-01-17
17'894	pe_imphash	None	2025-01-17
8'802	pe_detect_tls_callbacks	None	2025-01-18
8'742	Skystars_Malware_Imphash	Skystars LightDefender	2025-01-17
5'722	BitcoinAddress	Didier Stevens (@DidierStevens)	2025-01-05
5'536	NET	malware-lu	2025-01-17
4'977	unixredflags3	Tim Brown @timb_machine	2025-01-18
4'918	linux_generic_ipv6_catcher	@_lubiedo	2025-01-18
3'895	DebuggerException__SetConsoleCtrl	None	2025-01-17
3'245	pdb_YARAify	@wowabiy314	2025-01-05
3'130	myMirai	None	2025-01-05
3'035	PE_Digital_Certificate	albertzsigovits	2025-01-17
2'997	DebuggerCheck__QueryInfo	None	2025-01-17
2'922	ThreadControl__Context	None	2025-01-17
2'596	PE_Potentially_Signed_Digital_Certificate	albertzsigovits	2025-01-16

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
5'442	13459f962b92ab2171c46e7cec234141a47b4bdd3f101785bf4d2376121f3294	exe	Formbook	threatcat_ch
4'790	cd7f033b5772ab975e25eb7398fd9125be6720332cb13bb0e07c08fd200278fd	exe		abuse_ch
4'752	2a5b8d0c2b5d1a5e2b879a750d1730e2d7b4afe1ec576d422546512b6a54d4e9	exe		threatcat_ch
4'718	70fccd712c0675bda276231e600928b9a3bda595719e95adc5fb2b847b156bf9	exe	VIPKeylogger	cocaman
4'706	782d0356109cd4bdbf0c69932dd6f753754a426927c26f7db60bff7344c46c1a	exe	AsyncRAT	zhuzhu0009
4'688	eae062b9aa062793a84a0c5b60223aab93f29f995de6250720610ba248945162	exe	DCRat	abuse_ch
4'604	e05602adb94bab4974cea367df5f9ca3a985065b62c7a43df0c99a07844b37aa	exe	ValleyRAT	abuse_ch
4'412	c06be77fce382a3d36bd47d86b611f6b7fe053a8b3068efe1297a0426449dbeb	exe	SnakeKeylogger	threatcat_ch
4'281	c4036ae358676bba732bcb78f6f2768b7076074dff7eec3a74d745dc065e58a5	xlsx	Formbook	TeamDreier
4'219	11a4eadb74837d9fdc0f052302016abed805674c458529523101ced2ccaf4346	exe	RemcosRAT	pr0xylife
4'133	1eeaa5aa5a810e9417ecbe94db6831262b6e7f4762788b92511ae9d5d03ed3a0	exe	ValleyRAT	abuse_ch
4'114	6439c8e94bd2398ad15bd8cbf86a9ca9528cecf77506357e894a359880282724	exe	RedLineStealer	abuse_ch
4'102	21b0e3d1102d9f0a374e33e51696f005ee96a063d4fd5ad2109715fa1e05a1f9	elf	Mirai	abuse_ch
4'073	81d37764ce48e1f76d1de50ee831094117ffc239e287e40806801dd0bba097d2	exe	njrat	johnk3r
3'975	9117e66824da8fc61c93cfe8058da8d8e4ec1d2dbb9ff25c1490771d0bd2826e	xlsx	AgentTesla	lowmal3

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

CyberFortress

Top classifications by CyberFortress for malware samples on MalwareBazaar.

ThreatZone

Top classifications by ThreatZone for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
641	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook SnakeKeylogger RedLineStealer
150	afcdf79be1557326c854b6e20cb900a7	AgentTesla FormBook RemcosRAT NanoCore
102	948cc502fe9226992dce9417f952fce3	CredentialFlusher Formbook AgentTesla RedLineStealer
65	2e5708ae5fed0403e8117c645fb23e5b	WannaCry Worm.Virut
41	be41bf7b8cc010b614bd36bbca606973	DanaBot LummaStealer Vidar CryptBot
24	3d95adbf13bbe79dc24dccb401c12091	AgentTesla FormBook NanoCore Loki
22	fcf1390e9ce472c7270447fc5c61a0c1	DCRat NanoCore njrat RedLineStealer
21	e77512f955eaf60ccff45e02d69234de	RemcosRAT
21	1f23f452093b5c1ff091a2f9fb4fa3e9	GuLoader RemcosRAT Formbook AgentTesla
19	2eabe9054cad5152567f0699947a2c5b	LummaStealer Stealc Healer MarsStealer

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
7	24576:Gw6yj+R7ydItm/2uQAGYDKAVcpzWc4ctu:GDBR2KTYDKArc4Ku	DBatLoader
6	768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8	Mirai
3	12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeSX:W4/y+qaBUZJAdVtj	Prometei
2	12288:qb143S0q+8eXS1/f2Wc3slC3yjTjMv+9XSJhBXEsV3b9gh4J8zMSv7MzOup8Mplu:qmShf4OTjMgXSJhBXEsVrmz9MOup1Khd	Prometei
2	12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS1:W4/y+qaBUZJAdVt5	Prometei
2	786432:UrBkuVmrjV7eIAtenOTZ6oh7Da123AG1ZUJEAyQhcJ7hRNtq50a:UrlVmrjV7eIvnOTZ6ca491SJ5yu4V4W	LegionLoader
2	12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeST:W4/y+qaBUZJAdVt/	Prometei
2	12288:qb143S0q+8eXS1/f2Wc3slC3yjTjMv+9XSJhBXEsV3b9gh4J8zMSv7MzOup8Mplt:qmShf4OTjMgXSJhBXEsVrmz9MOup1Kha	Prometei
2	12288:6QIkwT+V+46MTuxN+qpMBUH5kAAxwWVtBeS4:W4/y+qaBUZJAdVt8	Prometei
2	12288:qb143S0q+8eXS1/f2Wc3slC3yjTjMv+9XSJhBXEsV3b9gh4J8zMSv7MzOup8Mplt:qmShf4OTjMgXSJhBXEsVrmz9MOup1KhK	Prometei

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
254	aae2f3e38383b629	149 x Formbook, 23 x AgentTesla, 18 x SnakeKeylogger
37	0000000000000000	11 x Formbook, 4 x MassLogger, 3 x RedLineStealer
25	c4d48eaa8ad4d4f8	24 x RemcosRAT
21	9494b494d4aeaeac	18 x DCRat, 1 x QuasarRAT, 1 x AgentTesla
16	b150b26869b2d471	7 x Formbook, 3 x SnakeKeylogger, 2 x AgentTesla
16	b2a89c96a2cada72	12 x GuLoader, 2 x Formbook, 1 x ValleyRAT
16	f8bee6e6e6e2e6f8	7 x Formbook, 3 x MassLogger, 2 x SnakeKeylogger
11	060e0e0e06969696	11 x Formbook
10	34e4d4d4d1c9d4dc	3 x njrat
10	0f33364d3633dc23	3 x RemcosRAT, 3 x Formbook, 1 x AgentTesla