Mercurial Grabber.exe

Distributed via phishing emails or "freeware" links in YouTube descriptions and Discord servers.

Typical Infection Cycle

Includes basic anti-debugging and anti-VM (Virtual Machine) checks to detect if it is being run by a security researcher in a sandbox.

Delivery Methods

Never download software from unofficial sources, especially those that ask you to disable your antivirus before running.

The stolen data is bundled and sent via an HTTP POST request to the attacker's Discord webhook.

Risk Mitigation

If you suspect an infection:

Attackers rarely name the file "Mercurial Grabber.exe" when sending it to victims. Instead, they disguise it as:

Fake "FiveM" cheats, Minecraft mods, or Roblox exploits.

Cracked Software: Keygens or installers for paid software.

Collects machine info, including Windows product keys, IP addresses, hardware specs, and desktop screenshots.
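
Because the stolen data leaves the machine as an HTTP POST to a Discord webhook, egress or proxy logs are a practical place to hunt for it. The following is an added detection example, not code from the original page; the log format, the sample lines, and the list of expected processes are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Hosts that serve the Discord webhook API (current and legacy domains).
WEBHOOK_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com"}
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/(\d+)/[\w-]+")
# Assumption: processes expected to talk to Discord in this environment.
EXPECTED_PROCESSES = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample lines: time host process method url bytes_sent
SAMPLE_LOG = """\
2024-01-01T10:00:01Z WS-014 chrome.exe GET https://discord.com/channels/@me 512
2024-01-01T10:02:17Z WS-014 FiveM_Cheat.exe POST https://discord.com/api/webhooks/111111111111111111/EXAMPLE-TOKEN_abc 48211
2024-01-01T10:05:40Z WS-022 Discord.exe POST https://discord.com/api/v9/channels/1/messages 230
2024-01-01T10:09:03Z WS-031 setup.exe POST https://discordapp.com/api/v10/webhooks/222222222222222222/EXAMPLE-TOKEN_def 910455
malformed line
"""

def find_webhook_posts(log_text):
    """Return alerts for webhook POSTs made by unexpected processes."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[5].isdigit():
            continue  # skip lines that do not match the assumed format
        ts, host, process, method, url, size = fields
        parts = urlsplit(url)
        match = WEBHOOK_PATH.match(parts.path)
        if method != "POST" or (parts.hostname or "").lower() not in WEBHOOK_HOSTS or not match:
            continue
        if process.lower() in EXPECTED_PROCESSES:
            continue
        # Report the webhook ID only; the token is a credential and is not logged.
        alerts.append({"time": ts, "host": host, "process": process,
                       "webhook_id": match.group(1), "bytes": int(size)})
    return alerts

if __name__ == "__main__":
    for alert in find_webhook_posts(SAMPLE_LOG):
        print(alert)
```

The webhook ID in each alert is enough to correlate hits across hosts without copying the token into tickets or dashboards.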