CalvinBackup/coruna
1
0
Fork 0
mirror of https://github.com/khanhduytran0/coruna.git synced 2026-06-07 15:13:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update ANALYSIS.md

Browse Source
This commit is contained in:
khanhduytran0
2026-03-08 07:40:45 +07:00
parent d13af12006
commit d7026ad75d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ANALYSIS.md
+1 -1
View File
@@ -164,12 +164,12 @@ coruna-main/
├── utility_module.js # Crypto helpers, Int64, LZW
├── Stage3_VariantB.js # Sandbox escape + MachOPayloadBuilder
├── other/
│ └── bootstrap.dylib # Extracted dylib with ChaCha20 + LZMA
├── downloaded/ # 17 files fetched from C2 server
│ └── <hash>.min.js # Raw encrypted payloads
├── extracted/ # Base64-decoded qbrdr payloads (from repo JS files)
│ └── <hash>.bin
└── payload/ # All 19 decrypted + decompressed F00DBEEF containers
├── bootstrap.dylib # Bootstrap dylib to validate and load other dylibs
├── 7a7d...payload # Decrypted manifest (F00DBEEF with 19 download entries)
├── <hash>.bin # F00DBEEF container
└── <hash>/ # Extracted entries per container