From b438ede754a92cad7a0b20bd5c0e0166cfe7a17f Mon Sep 17 00:00:00 2001
From: StrangerealIntel <54320855+StrangerealIntel@users.noreply.github.com>
Date: Sat, 29 Aug 2020 16:48:56 +0200
Subject: [PATCH] Update Yara_Neutrino.yar
---
 Additional Analysis/Neutrino/Yara/Yara_Neutrino.yar | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Additional Analysis/Neutrino/Yara/Yara_Neutrino.yar b/Additional Analysis/Neutrino/Yara/Yara_Neutrino.yar
index cb12b4f..a776a0f 100644
--- a/Additional Analysis/Neutrino/Yara/Yara_Neutrino.yar
+++ b/Additional Analysis/Neutrino/Yara/Yara_Neutrino.yar
@@ -36,6 +36,6 @@ rule Dropper_Neutrino_Feb_20 {
 $s19 = "x`FDbFdaFTcF^" fullword ascii
 $s20 = "jdXj2YC" fullword ascii
 condition:
- uint16(0) == 0x5a4d and filesize < 300KB and
+ uint16(0) == 0x5a4d and filesize > 300KB and
 ( pe.imphash() == "934381a85d55af4033da1a769f2cce1d" or 8 of them )
 }
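Review bot: The new `filesize > 300KB` test leaves the condition with no upper size bound, so the `8 of them` branch is now evaluated against every MZ file above 300KB, and short strings such as `$s20 = "jdXj2YC"` are more likely to match by chance in large binaries. Because the operator was flipped rather than widened, any sample under 300KB that the previous condition matched is no longer covered; if both size classes exist in the sample set, a range is the safer form. I would bound it on both sides from the reference samples, for example `uint16(0) == 0x5a4d and filesize > 300KB and filesize < <MAX_SAMPLE_SIZE> and`, and add a comment above it such as `// reference dropper samples are larger than 300KB; earlier bound excluded them`. The rule's meta section and strings `$s1`–`$s18` lie outside the hunk, so whether the sample sizes are already recorded there cannot be checked from here.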