Saved February 14, 2026
Do you care about this?
SolyxImmortal is a Python-based malware designed to steal sensitive information from Windows users. It collects credentials, documents, and keystrokes while maintaining a low profile by using Discord webhooks for data exfiltration. The malware ensures persistence on infected systems without requiring administrative privileges.
If you do, here's more
SolyxImmortal is a sophisticated Python malware targeting Windows systems, designed for information theft. It steals credentials, captures documents, logs keystrokes, and takes screenshots, all while running quietly in the background. The malware connects to Discord webhooks to exfiltrate data, leveraging common system APIs and libraries to avoid detection. Its stealthy operation focuses on long-term access and continuous monitoring rather than quick, destructive actions.
The malware is packaged as a single executable file, Lethalcompany.py, which is 10.29 KB in size. Once executed, it establishes persistence by copying itself into a directory under the user's AppData and renaming the file so that it looks legitimate. It sets file attributes to hide its presence and registers itself in the user's Run key so that it launches automatically at login, which needs no administrative rights. The malware's core functionality is encapsulated in a single class that handles everything from environment discovery to data exfiltration.
SolyxImmortal targets multiple Chromium-based browsers by reading their known profile paths and extracting saved credentials, using Windows DPAPI for decryption. It walks the user's home directory to harvest documents, prioritizing sensitive files while keeping system load low. Collected data is staged in a temporary directory, compressed, and sent to the attacker through HTTPS POST requests to reduce the risk of detection. Keystrokes are recorded by a persistent listener and exfiltrated periodically to limit network traffic. The malware also captures screenshots, triggered by active window titles that match predefined keywords, giving the operator continuous visibility into user activity.
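Two of the behaviours described above are easy to surface from endpoint telemetry: a Run-key value written under the user's own hive that points into AppData and launches a Python interpreter, and a DNS lookup of discord.com made by that interpreter rather than by the Discord client. The triage below is an added example, not code from the article or from the malware; the Sysmon-style event records and their simplified field names are constructed for illustration.

```python
import re

# Constructed Sysmon-style events (sample data, not taken from the article).
# id 13 = registry value set, id 22 = DNS query. Field names are simplified.
SAMPLE_EVENTS = [
    {"id": 13,
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r'"C:\Users\alice\AppData\Roaming\Python\pythonw.exe" "C:\Users\alice\AppData\Roaming\WinUpdate\update.py"'},
    {"id": 13,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "details": r'"C:\Program Files\Windows Defender\MSASCuiL.exe"'},
    {"id": 22, "query": "discord.com",
     "image": r"C:\Users\alice\AppData\Roaming\Python\pythonw.exe"},
    {"id": 22, "query": "discord.com",
     "image": r"C:\Users\alice\AppData\Local\Discord\app-1.0.9\Discord.exe"},
]

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
USER_HIVE = re.compile(r"^(HKCU|HKU\\S-1-5-21-[\d-]+)\\", re.I)   # per-user hive only
APPDATA = re.compile(r"\\AppData\\", re.I)
PY_INTERP = re.compile(r"\\pythonw?\.exe\b|\.pyw?\b", re.I)       # interpreter or script
PY_IMAGE = re.compile(r"\\pythonw?\.exe$", re.I)

def user_run_key_into_appdata(event):
    """Run-key value under a user hive whose command lives in AppData and
    launches Python: the no-admin persistence the article describes."""
    if event.get("id") != 13:
        return False
    target, details = event.get("target", ""), event.get("details", "")
    return bool(USER_HIVE.search(target) and RUN_KEY.search(target)
                and APPDATA.search(details) and PY_INTERP.search(details))

def discord_from_interpreter(event):
    """discord.com resolved by a Python interpreter instead of the Discord
    client: a candidate for webhook-based exfiltration."""
    if event.get("id") != 22:
        return False
    return (event.get("query", "").lower().endswith("discord.com")
            and PY_IMAGE.search(event.get("image", "")) is not None)

def triage(events):
    """Return (finding_kind, evidence) pairs for every event that matches."""
    findings = []
    for e in events:
        if user_run_key_into_appdata(e):
            findings.append(("run_key_appdata_python", e["target"]))
        if discord_from_interpreter(e):
            findings.append(("discord_dns_from_python", e["image"]))
    return findings

if __name__ == "__main__":
    for kind, evidence in triage(SAMPLE_EVENTS):
        print(f"[{kind}] {evidence}")
```

Both checks are heuristics: a legitimate Python tool installed per-user would trip the first one, so the findings are triage leads to be paired with the file-attribute and staging-directory behaviour above, not verdicts.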