Gelsevirine

Description

(ESET) Gelsevirine is the last stage of the chain and it is called MainPlugin by its developers, according to the DLL name and also PDB path found in old samples (Z:\z_code\Q1\Client\Win32\Release\MainPlugin.pdb). It’s also worth mentioning that if defenders manage to obtain this last stage alone, it won’t run flawlessly since it requires its arguments to be set up by Gelsenicine.

Names

Name
Gelsevirine

Category

Malware

Type

  • Backdoor

Information

MITRE ATT&CK

Other Information

Uuid

120b6249-69a8-4ffb-80dc-32b483341245

Last Card Change

2022-12-30