diff --git a/pkgs/development/python-modules/malduck/default.nix b/pkgs/development/python-modules/malduck/default.nix
new file mode 100644
index 00000000000..a9a8419a04d
--- /dev/null
+++ b/pkgs/development/python-modules/malduck/default.nix
@@ -0,0 +1,48 @@
+{ lib
+, buildPythonPackage
+, capstone
+, click
+, cryptography
+, fetchFromGitHub
+, pefile
+, pycryptodomex
+, pyelftools
+, pythonOlder
+, typing-extensions
+, yara-python
+}:
+
+buildPythonPackage rec {
+  pname = "malduck";
+  version = "4.1.0";
+  disabled = pythonOlder "3.7";
+
+  src = fetchFromGitHub {
+    owner = "CERT-Polska";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "04d8bhzax9ynbl83hif9i8gcs29zrvcay2r6n7mcxiixlxcqciak";
+  };
+
+  propagatedBuildInputs = [
+    capstone
+    click
+    cryptography
+    pefile
+    pycryptodomex
+    pyelftools
+    typing-extensions
+    yara-python
+  ];
+
+  # Project has no tests. They will come with the next release
+  doCheck = false;
+  pythonImportsCheck = [ "malduck" ];
+
+  meta = with lib; {
+    description = "Helper for malware analysis";
+    homepage = "https://github.com/CERT-Polska/malduck";
+    license = with licenses; [ bsd3 ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 70e06433e92..ce0eda8e5e4 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -4154,6 +4154,8 @@ in {
 
   Mako = callPackage ../development/python-modules/Mako { };
 
+  malduck= callPackage ../development/python-modules/malduck { };
+
   managesieve = callPackage ../development/python-modules/managesieve { };
 
   manhole = callPackage ../development/python-modules/manhole { };