Technical Analysis of SnappyClient
ID: d5c1de2b-5a08-5a2b-a6f2-626aef8e630f
STIX ID: report--d5c1de2b-5a08-5a2b-a6f2-626aef8e630f
Feed Name: Zscaler Security Research Blog
This report provides a technical analysis of SnappyClient, an advanced infostealer observed in eCrime campaigns. SnappyClient steals browser data, browser-extension data (notably cryptocurrency wallet extensions), and system artifacts. The report details the attack chain, in which the malware is often delivered through HijackLoader and fake websites; its embedded plaintext and encrypted configurations; its AMSI bypass; its process-injection techniques, including Heaven's Gate and transacted hollowing; its custom network protocol, which compresses traffic and encrypts it with ChaCha20-Poly1305; its supported commands (file exfiltration, remote shells, proxies, and HVNC); and its observed targeting, which is focused on cryptocurrency theft.
