SolyxImmortal - Analysis of a Python-based Information Stealer
ID: d9478647-38b2-5ca0-b15d-cd4b9ac3ee7d
STIX ID: report--d9478647-38b2-5ca0-b15d-cd4b9ac3ee7d
Feed Name: Pulsedive Blog
SolyxImmortal is a Python-based information stealer that establishes persistence via a Run registry key, collects Chromium browser credentials, Firefox cookies, selected user documents (100 bytes–10 MB), periodic and keyword-triggered screenshots, and keystrokes, stages the data into a ZIP, and exfiltrates it (reported via Discord webhooks). The analysis documents execution flow, imported modules, collection and exfiltration routines, sample hashes/metadata, Turkish language indicators suggesting targeted victims, MITRE ATT&CK mappings, and recommended mitigations such as deploying EDR, restricting Python execution, and user education.
