Threat Intelligence Report

From PyInstaller to XWorm V7.4: Infection Chain Analysis

📅 May 26, 2026 📰 www.pointwild.com 🔍 0 CVE(s) referenced

A heavily obfuscated, multi-stage PyInstaller-packed loader is being used to stealthily deploy XWorm V7.4 RAT, leveraging advanced AMSI bypass, in-memory decryption, stealthy payload deployment, and encrypted C2 communications to enable persistent, remote attacker control while evading traditional security defenses.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle