Mercurial Grabber is designed for "smash-and-grab" operations, focusing on the following targets:

- Scrapes local LevelDB files to steal Discord authentication tokens, allowing attackers to bypass 2FA and take over accounts.
- Collects machine info, including Windows product keys, IP addresses, hardware specs, and desktop screenshots.
- Includes basic anti-debugging and anti-VM (Virtual Machine) checks to detect whether it is being run by a security researcher in a sandbox.
- Primarily uses Discord Webhooks to exfiltrate stolen data directly to an attacker-controlled Discord channel.
- Written in C# (C Sharp) using the .NET framework, making it relatively easy to reverse-engineer if it isn't obfuscated.
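Because the stealer exfiltrates over Discord webhooks, a practical detection is to flag webhook POSTs from processes that are not the Discord client. The following is an added example (not code from the page or from the malware); it assumes a constructed, space-separated proxy log format of host, process, method, URL and bytes sent, and a hypothetical allowlist of expected Discord clients.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines (not real telemetry):
# host process method url bytes_sent
SAMPLE_LOGS = """\
WS01 Discord.exe POST https://discord.com/api/v9/channels/1/messages 512
WS01 chrome.exe GET https://discord.com/api/webhooks/12345/abcDEF 0
WS02 updater.exe POST https://discord.com/api/webhooks/98765/tokenXYZ 204800
WS02 updater.exe POST https://discordapp.com/api/webhooks/98765/tokenXYZ 1024
WS03 svchost.exe POST https://example.com/upload 4096
"""

# Discord webhook endpoints live under /api/webhooks/<id>/<token> on the
# discord.com / discordapp.com domains (including ptb./canary. subdomains).
WEBHOOK_RE = re.compile(
    r"^https://(?:[a-z]+\.)?discord(?:app)?\.com/api/webhooks/\d+/[A-Za-z0-9_-]+",
    re.IGNORECASE,
)

# Hypothetical allowlist: processes expected to talk to Discord. Any other
# process POSTing to a webhook URL is treated as suspected exfiltration.
EXPECTED_DISCORD_CLIENTS = {"discord.exe"}


def parse_line(line):
    host, proc, method, url, sent = line.split()
    return {"host": host, "process": proc, "method": method,
            "url": url, "bytes": int(sent)}


def is_webhook_exfil(event):
    """True for a POST to a Discord webhook from a non-allowlisted process."""
    return (event["method"] == "POST"
            and WEBHOOK_RE.match(event["url"]) is not None
            and event["process"].lower() not in EXPECTED_DISCORD_CLIENTS)


def find_webhook_exfil(log_text):
    """Return {host: {process: total_bytes_sent}} for suspicious webhook POSTs."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if is_webhook_exfil(event):
            hits[event["host"]][event["process"]] += event["bytes"]
    return {host: dict(procs) for host, procs in hits.items()}


if __name__ == "__main__":
    print(find_webhook_exfil(SAMPLE_LOGS))  # {'WS02': {'updater.exe': 205824}}
```

The byte total per offending process is what an analyst would triage first, since a stealer's single burst of tokens, screenshots and system info is far larger than a chat message.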