Statistics

MalwareBazaar produces detailed statistics on shared malware samples, including associated detections - find the available statistics below.

You can also access Spamhaus's Malware Digest report, based on MalwareBazaar data:

https://www.spamhaus.org/malware-digest/#malwarebazaar

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	abuse_ch	2024-11-21	2'470
2	Bitsight	2024-11-21	1'157
3	JAMESWT_MHT	2024-11-20	889
4	NDA0E	2024-11-21	334
5	adrian__luca	2024-11-18	196
6	lowmal3	2024-11-20	189
7	threatcat_ch	2024-11-20	97
8	zbetcheckin	2024-11-09	96
9	SecuriteInfoCom	2024-11-09	74
10	cocaman	2024-11-18	59
11	aachum	2024-11-17	55
12	Porcupine	2024-11-21	48
13	elfdigest	2024-11-20	40
14	smica83	2024-11-20	34
15	Chainskilabs	2024-11-17	28

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
992	unixredflags3	Tim Brown @timb_machine	2024-11-21
980	DebuggerCheck__API	None	2024-11-21
975	NET	malware-lu	2024-11-21
819	linux_generic_ipv6_catcher	@_lubiedo	2024-11-21
742	vmdetect	nex	2024-11-21
730	pe_imphash	None	2024-11-21
730	Skystars_Malware_Imphash	Skystars LightDefender	2024-11-21
701	RANSOMWARE	ToroGuitar	2024-11-21
615	Sus_Obf_Enc_Spoof_Hide_PE	XiAnzheng	2024-11-21
555	pe_detect_tls_callbacks	None	2024-11-21
551	NETexecutableMicrosoft	malware-lu	2024-11-21
550	DebuggerCheck__QueryInfo	None	2024-11-21
540	MD5_Constants	phoul (@phoul)	2024-11-21
490	RansomPyShield_Antiransomware	XiAnzheng	2024-11-21
440	RIPEMD160_Constants	phoul (@phoul)	2024-11-21

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
40'670	c24ff50a15372a69690f4c7cd783609e92924ec38f2f42148573d35980f07cd3	exe	LummaStealer	abuse_ch
40'653	b828382168a0077c7d5cd8faf44d5da19a4d852cfca7c85dae63de97e5dd6753	exe	LummaStealer	abuse_ch
30'764	cdff50f4126445f55098d307fa40396a80396cc50d4d94c0c8a849b4de2b7da2	exe	LummaStealer	abuse_ch
30'487	eb097b81a3a0a5510aec27b28fd7a140152eb217520fca3dd92f27a72d817045	elf	Mirai	abuse_ch
30'448	515eb18d3f105eb377e73dfa2ee34a24f50da54f0600d02d7914d41c916f3848	elf	Mirai	abuse_ch
21'207	5c3c2b798a054a21d0adedaa3c8fb854150ade25c67dab31319fd2ae1890c70b	elf	Mirai	abuse_ch
21'199	5aac7d31149048763e688878c3910ae4881826db80e078754f5d08f2c1f39572	unknown		Anonymous
21'198	338044062dd513d44e67e0b251b7766ddf798fb7873d8ded11dc4a59c2e28541	pdf		_StephMi
21'187	b7aed1e4fa27b9882c1ee246cf725d223c62f8746ced0828ac2464bd067196e3	sh	Mirai	abuse_ch
21'160	93a4ee3d7d53d71f92d724861655721010c539b26ed6123c6eaad4320f923e3b	sh	Mirai	abuse_ch
18'331	a79bbdaff2dee3575ebd6b28d6760d0e83b2462af56e86b652c288eadfac19fa	exe	Formbook	threatcat_ch
17'996	ab07aa532d5e8bc8f6c811cc04f884bd8d991390a8db34b32ef8a6a5733a0e02	elf	Mirai	abuse_ch
17'993	f069f287b1b1ffde1196f3456bfc8eeb4e58fa0c1ec51209ef7e120f7276accc	elf	Mirai	abuse_ch
17'991	82b86a310fda4d4e5b056298eb324a7af355fa1a292b445d90163a5aa21e3d73	elf	Gafgyt	abuse_ch
17'974	496008494efa67cae910a5ec2d41f2cf90ce032b32a038ba765aa246479d7ee6	elf	Gafgyt	abuse_ch

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

CyberFortress

Top classifications by CyberFortress for malware samples on MalwareBazaar.

ThreatZone

Top classifications by ThreatZone for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
1'046	2eabe9054cad5152567f0699947a2c5b	LummaStealer MarsStealer Stealc Healer
432	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook SnakeKeylogger RedLineStealer
105	948cc502fe9226992dce9417f952fce3	CredentialFlusher Formbook AgentTesla RedLineStealer
87	3d95adbf13bbe79dc24dccb401c12091	AgentTesla NanoCore FormBook Loki
49	d3bf8a7746a8d1ee8f6e5960c3f69378	Formbook AgentTesla SnakeKeylogger RedLineStealer
31	b34f154ec913d2d2c435cbd644e91687	GuLoader EpsilonStealer RemcosRAT AgentTesla
28	aaaa8913c89c8aa4a5d93f06853894da	Formbook AgentTesla RedLineStealer SnakeKeylogger
19	9571cd5d48bd42b28bbbbb83862e75ac	INC
19	9771ee6344923fa220489ab01239bdfd	ConnectWise
19	6e7f9a29f2c85394521a08b9f31f6275	GuLoader Formbook AgentTesla RemcosRAT

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
5	98304:jWs6efPY+bzk5yVWOY0DGICCQO5t0DoF:6fefPjzMOWOY3CQO5tU	ConnectWise
4	768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8	Mirai
3	98304:LWs6efPY+bzk5yVWOY0DGICCQO5t0DoF:SfefPjzMOWOY3CQO5tU	ConnectWise
2	12288:00Bw2wHeeJgR3asIAksAi0uObzkzOgFr1qwRcFjV1D7a9KbsaKjpeFmz4T28bLvl:00BnRED/TwOjX0a5xTdvl
2	6144:zGOdIWe48wn1obslh391UmaFyjDZSbGqJA:zGOdRn1obsl5XURQFSQ	ShipUp
2	12:7XOTtvmZPuXOpqXYcGFyZow4+2bgEiJbmVLHeuET3VLHeuNK/VLHeu3:Twv53GFyZou2Rb+BZ+gA+M	Mirai
2	49152:1+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:1+lUlz9FKbsodq0YaH7ZPxMb8tT	AteraAgent
2	6144:O7HI/0S6GcV6yabg0OLe//fRD/uzc+8fJpgY08g:gH6b6GcV6wq/fJ/rDfJpgYE	Simda
2	24576:uqLMFH5BhM6RwyeQvt6ot0h9HyrOOfGOA/X:1LMFHa6ReIt0jSrODX
2	12288:8zBB2EzqBTMudgkVJnQb7WvpQOSSQNx6qZ5:aB2EzqBIudgkTQb7Wu58i5	RemcosRAT

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)
202	aae2f3e38383b629	90 x CredentialFlusher, 68 x Formbook, 11 x RedLineStealer
71	b150b26869b2d471	41 x Formbook, 9 x AgentTesla, 5 x RedLineStealer
60	b67ee8c2f2f0711a	60 x ShipUp
35	0000000000000000	9 x Formbook, 5 x SnakeKeylogger, 5 x AgentTesla
14	c4d48eaa8ad4d4f8	14 x RemcosRAT
13	334b0b0f271b6b23	3 x PureCrypter, 3 x GuLoader, 2 x RemcosRAT
12	b298acbab2ca7a72	4 x Socks5Systemz, 1 x LummaStealer, 1 x AsyncRAT
12	9494b494d4aeaeac	5 x DCRat, 1 x BlankGrabber, 1 x Formbook
11	13607332330b0bb3	7 x MassLogger, 2 x AgentTesla, 1 x RedLineStealer
11	1a6a6ad59b43c674	3 x SnakeKeylogger, 2 x Formbook, 1 x MassLogger