Mercurial Grabber.exe
Includes basic anti-debugging and anti-VM (Virtual Machine) checks to detect if it is being run by a security researcher in a sandbox.
Specifically targets Minecraft (launch profiles) and Roblox (.ROBLOSECURITY cookies) to hijack gaming sessions.
Some variants copy themselves to %APPDATA%\Local\Temp and add a registry key to ensure they run every time the computer reboots.
Collects machine info, including Windows product keys, IP addresses, hardware specs, and desktop screenshots.
Primarily uses Discord Webhooks to exfiltrate stolen data directly to an attacker-controlled Discord channel.
Prioritize Discord, email, and gaming accounts. Even if you have 2FA enabled, your session tokens may remain at risk until you log out of all sessions.
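One way to hunt for the Discord webhook exfiltration and Temp-directory execution described above, as an added example that is not part of the original page. The log schema (`host`, `image`, `method`, `url`) is a hypothetical proxy/EDR export format, and every record is constructed.

```python
import json
import re
from urllib.parse import urlsplit

WEBHOOK_HOSTS = {"discord.com", "discordapp.com"}
WEBHOOK_PATH = re.compile(r"^/api(?:/v\d+)?/webhooks/\d+/[\w-]+", re.I)
# Assumption: a process image under a Temp directory raises the severity.
TEMP_HINT = re.compile(r"\\(?:temp|tmp)\\", re.I)

# Constructed sample records (hypothetical schema, one JSON object per line).
SAMPLE_LOG = r"""
{"host":"WS-014","image":"C:\\Users\\kim\\AppData\\Local\\Temp\\svc.exe","method":"POST","url":"https://discord.com/api/webhooks/000000000000000000/EXAMPLE-TOKEN"}
{"host":"WS-020","image":"C:\\Users\\lee\\AppData\\Local\\Discord\\Discord.exe","method":"GET","url":"https://discord.com/api/v9/users/@me"}
{"host":"WS-031","image":"C:\\Program Files\\Tool\\notify.exe","method":"POST","url":"https://discordapp.com/api/v10/webhooks/000000000000000001/EXAMPLE-TOKEN"}
{"host":"WS-040","image":"C:\\Windows\\System32\\curl.exe","method":"POST","url":"https://discord.com.example.net/api/webhooks/0/x"}
not json
"""

def is_webhook(url):
    """True only for webhook paths on Discord's own domains or their subdomains."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Exact or dot-anchored suffix match, so lookalike hosts do not qualify.
    on_discord = any(host == h or host.endswith("." + h) for h in WEBHOOK_HOSTS)
    return on_discord and bool(WEBHOOK_PATH.match(parts.path))

def find_webhook_exfil(log_text):
    """Return one finding per POST to a Discord webhook, graded by image path."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the hunt
        if not isinstance(rec, dict):
            continue
        if str(rec.get("method", "")).upper() != "POST" or not is_webhook(str(rec.get("url", ""))):
            continue
        severity = "high" if TEMP_HINT.search(str(rec.get("image", ""))) else "medium"
        findings.append({"host": rec.get("host"), "image": rec.get("image"), "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in find_webhook_exfil(SAMPLE_LOG):
        print(finding)
```

Webhook POSTs from sanctioned integrations will also match, so allowlist known images before alerting on the medium tier.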



