PULSE NAME
IOC - From PyInstaller to XWorm V7.4: Infection Chain Analysis
WHITE celestre 2026-05-22 Modified: 2026-05-22
7 IOCs
LOW VOLUME
Point Wild conducted an in-depth analysis of a suspicious PyInstaller-packed Python sample and identified it as a multi-stage malware loader designed to deploy the XWorm Remote Access Trojan (RAT), specifically associated with the XWorm V7.4 campaign. The sample leveraged multiple layers of obfuscation, staged execution and anti-analysis techniques to conceal its true functionality and evade detection by traditional security controls.
Indicators of Compromise (2 / 7 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 c7a6f220f2ff7d6718a5b2f0e85f13dd 2026-05-22
FileHash-MD5 d4494a5b1430f7c5347408732cdbd668 2026-05-22