Mercurial Grabber.exe

Includes basic anti-debugging and anti-VM (Virtual Machine) checks to detect if it is being run by a security researcher in a sandbox.

Delivery Methods

Distributed via phishing emails or "freeware" links in YouTube descriptions and Discord servers.

Typical Infection Cycle

Written in C# (C Sharp) using the .NET framework, making it relatively easy to reverse-engineer if it isn't obfuscated.