FAME is an open source malware analysis platform that is meant to facilitate analysis of malware-related files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis.

FAME should be seen as a malware analysis framework. Instead of developing several scripts for different tasks related to malware analysis, develop FAME modules that will be able to collaborate with each other.

Get started now! You can get the code on GitHub and read the docs.

Learn more about FAME in our introductory blog post.

  • Detailed Results: Get detailed analysis from your modules.
  • Threat Intelligence: Leverage your Threat Intelligence.
  • Extracted Malware Configuration: Extract malware configuration from analyzed samples.
  • Botnet Tracking: Track how botnets are targeting your organization.
  • Module Management: Easily manage your processing, reporting, antivirus and threat intelligence modules. Use public and/or private modules.
  • Users Management: Make it available to several users in different teams with built-in access control.

The Blog

Python 3 Update

We are glad to announce that FAME and the community FAME modules have finally been updated to (only) support Python 3.

FAME is still being used daily by several teams to analyze malware and these changes will allow us to keep maintaining and improving FAME in the future.

This update is still compatible with existing setups, which means you should be able to update and keep all your existing files, analyses and configurations.


Introducing FAME

At CERT Société Générale, we have our fair share of malware to analyze: banking malware, targeting the bank’s customers, and all kinds of malware targeting our users.

The process of malware analysis in our team had two main issues:

  • It takes too much time to complete an analysis. Let’s take the example of a banking trojan. Even if the analyst already recognized the malware family from the spam run, he still has to submit the sample to a sandbox, wait for the analysis to be over, download a memory dump, extract the configuration from memory and compare the configuration with our perimeter in order to determine if we are targeted. If the malware family is unknown, it is even more complicated.
  • Not every analyst necessarily has the same knowledge regarding malware analysis.

Our answer to these problems is FAME, our malware analysis platform.
