ch0ic3/CyberThreatIntel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Yara_Neutrino.yar

Browse Source
This commit is contained in:
StrangerealIntel 2020-08-29 16:48:56 +02:00 committed by GitHub
parent a2ece7475d
commit b438ede754
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Additional Analysis/Neutrino/Yara/Yara_Neutrino.yar
View File

@ -36,6 +36,6 @@ rule Dropper_Neutrino_Feb_20 {
$s19 = "x`FDbFdaFTcF^" fullword ascii $s19 = "x`FDbFdaFTcF^" fullword ascii
$s20 = "jdXj2YC" fullword ascii $s20 = "jdXj2YC" fullword ascii
condition: condition:
uint16(0) == 0x5a4d and filesize < 300KB and uint16(0) == 0x5a4d and filesize > 300KB and
( pe.imphash() == "934381a85d55af4033da1a769f2cce1d" or 8 of them ) ( pe.imphash() == "934381a85d55af4033da1a769f2cce1d" or 8 of them )
} }