{
	"id": "1591d5ee-bbd0-4ac5-a75b-fafef97178ac",
	"created_at": "2026-04-06T00:12:30.557336Z",
	"updated_at": "2026-04-10T13:12:40.459536Z",
	"deleted_at": null,
	"sha1_hash": "b299a7f0c072b43a658186ff0cb04a9337565e3e",
	"title": "GitHub - NightfallGT/Mercurial-Grabber: Grab Discord tokens, Chrome passwords and cookies, and more",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 800516,
	"plain_text": "GitHub - NightfallGT/Mercurial-Grabber: Grab Discord tokens,\r\nChrome passwords and cookies, and more\r\nBy NightfallGT\r\nArchived: 2026-04-05 13:42:49 UTC\r\nBuilder Preview\r\nFeatures\r\nGrabs Roblox cookies from Roblox Studio\r\nGrabs Minecraft sessions\r\nGrabs Google Chrome passwords\r\nGrabs Google Chrome cookies\r\nGrabs Discord token\r\nGrabs victim machine info\r\nGrabs Windows product key\r\nGrabs IP address, geolocation\r\nGrabs screenshot\r\nAnti Virtual Machine\r\nAnti Debug\r\nhttps://github.com/NightfallGT/Mercurial-Grabber\r\nPage 1 of 3\n\nCustomization\r\nAdd a custom icon\r\nCustom exe name\r\nInfo\r\nPlease do not use the program maliciously. This program is intended to be used for educational purposes only.\r\nMercurial is only used to demonstrate what type of information attackers can grab from a user's computer. This is\r\na project created to make it easier for malware analysts or ordinary users to understand how credential\r\ngrabbing works and can be used for analysis, research, reverse engineering, or review.\r\nWhat is malware?\r\nMalware is a term that is used for malicious software that is designed to do damage or unwanted actions to\r\na computer system.\r\nAn explanation of this tool:\r\nGoogle Chrome always stores user data in the same place, so the stealer generated by Mercurial Grabber has no\r\nproblem in finding it. In theory at least, this data is stored in encrypted form. However, if the malware has already\r\npenetrated the system, then its actions are done in your name.\r\nTherefore, the malware simply finds a way to decrypt information stored on your computer (by making it seem\r\nlike the user is requesting it). The stealer gets all your passwords and cookies.\r\nThe tool is also able to find Roblox cookies that are stored in the Windows Registry. By running the malicious\r\n.exe file, it is able to search for the Roblox cookie. 
The same goes for Minecraft sessions, Discord tokens, etc\r\nsince it is stored in the user's computer.\r\nRecommended tools for testing Mercurial: (when running the produced output after building)\r\nVirtualbox\r\nVMware\r\nProcess Hacker\r\nVirusTotal\r\nTips to check if an exe file is safe:\r\nAnalyze the file with VirusTotal\r\nCheck if the exe file has a publisher\r\nCheck it in a sandbox\r\nMonitor the file’s network activity for strange behavior\r\nEducational Purposes Only\r\nhttps://github.com/NightfallGT/Mercurial-Grabber\r\nPage 2 of 3\n\nThis tool demonstrates and makes it easy to create your own grabber. This shows what type of information\r\nattackers can grab from a victim's computer. Only use this on your own PC and do not use it on other people\r\nmaliciously.\r\nSource: https://github.com/NightfallGT/Mercurial-Grabber\r\nhttps://github.com/NightfallGT/Mercurial-Grabber\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://github.com/NightfallGT/Mercurial-Grabber"
	],
	"report_names": [
		"Mercurial-Grabber"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434350,
	"ts_updated_at": 1775826760,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b299a7f0c072b43a658186ff0cb04a9337565e3e.pdf",
		"text": "https://archive.orkl.eu/b299a7f0c072b43a658186ff0cb04a9337565e3e.txt",
		"img": "https://archive.orkl.eu/b299a7f0c072b43a658186ff0cb04a9337565e3e.jpg"
	}
}