Mercurial Grabber.exe

Mercurial Grabber is written in C# (C Sharp) using the .NET framework, making it relatively easy to reverse-engineer if it isn't obfuscated.
It primarily uses Discord Webhooks to exfiltrate stolen data directly to an attacker-controlled Discord channel.

Key Capabilities

Mercurial Grabber is designed for "smash-and-grab" operations, focusing on the following targets:
Extracts stored passwords, cookies, and autofill data from popular browsers like Google Chrome, Opera, Brave, and Yandex.
Scrapes local LevelDB files to steal Discord authentication tokens, allowing attackers to bypass 2FA and take over accounts.

It silently scans for the targeted files and browser databases.
The stolen data is bundled and sent via an HTTP POST request to the attacker's Discord webhook.

Risk Mitigation

If you suspect an infection:
Use reputable tools like Malwarebytes or Windows Defender to locate and remove the executable and its registry entries.
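
Because the stolen data leaves the host as an HTTP POST to a Discord webhook, that request is a practical detection point. The following is an added example, not code from the original page: a log check that flags webhook POSTs from unexpected processes and redacts the webhook token. The log format, host names, process names and allowlist are assumptions, and the sample lines are constructed.

```python
import re

# Discord webhook endpoint: /api/webhooks/<numeric id>/<token>, optionally versioned
WEBHOOK_RE = re.compile(
    r"^https://(?:(?:canary|ptb)\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/(\d+)/([\w-]+)",
    re.IGNORECASE)

# Assumption: processes expected to talk to Discord in this environment
EXPECTED_PROCESSES = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample telemetry, assumed format: time host process method url bytes_out
SAMPLE_LOG = """\
2024-05-01T10:00:01Z WS-014 chrome.exe GET https://discord.com/channels/@me 512
2024-05-01T10:02:17Z WS-022 svchost32.exe POST https://discord.com/api/webhooks/111111111111111111/EXAMPLE-TOKEN_abc 48211
2024-05-01T10:02:19Z WS-022 svchost32.exe POST https://discordapp.com/api/v10/webhooks/111111111111111111/EXAMPLE-TOKEN_abc 1024
2024-05-01T10:03:40Z WS-030 Discord.exe POST https://discord.com/api/v9/channels/222/messages 300
2024-05-01T10:04:02Z WS-031 updater.exe POST https://example.com/api/webhooks/1/x 100
2024-05-01T10:05:00Z truncated entry
"""

def find_webhook_posts(log_text, expected=EXPECTED_PROCESSES):
    """Return POSTs to Discord webhook URLs made by processes outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # skip malformed or truncated lines
        ts, host, process, method, url, size = parts
        m = WEBHOOK_RE.match(url)
        if method.upper() != "POST" or not m or process.lower() in expected:
            continue
        findings.append({"time": ts, "host": host, "process": process,
                         "webhook_id": m.group(1),
                         # the token is a credential: keep it out of alerts
                         "url": url[:m.start(2)] + "<redacted>",
                         "bytes_out": int(size)})
    return findings

def summarize(findings):
    """Aggregate findings per host for triage."""
    by_host = {}
    for f in findings:
        h = by_host.setdefault(f["host"], {"posts": 0, "bytes_out": 0, "webhook_ids": []})
        h["posts"] += 1
        h["bytes_out"] += f["bytes_out"]
        if f["webhook_id"] not in h["webhook_ids"]:
            h["webhook_ids"].append(f["webhook_id"])
    return by_host

if __name__ == "__main__":
    print(summarize(find_webhook_posts(SAMPLE_LOG)))
```
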
