EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks - Indicators of Compromise

[File name]		[SHA256 hash]								[Detection]
justaskjacky.exe	8ecd3c8c126be7128bf654456d171284f03e4f212c27e1b33f875b8907a7bc65	Trojan.Win32.EVILAI.A
manualshq.exe		49a4442e73521ecca8e56eb6dbc33f31eb7cfa5e62a499e552bcd29a29d79d8a	Trojan.Win32.EVILAI.A
PDF Editor.exe		b0c321d6e2fc5d4e819cb871319c70d253c3bf6f9a9966a5d0f95600a19c0983	Trojan.Win64.DROPPER.CRCBA
PDF Editor.exe		cb15e1ec1a472631c53378d54f2043ba57586e3a28329c9dbf40cb69d7c10d2c	Trojan.Win64.DROPPER.BB
index.js		ad0655b17bbdbd8a7430485a10681452be94f5e6c9c26b8f92e4fcba291c225a	Backdoor.JS.EVILAI.A
{GUID}or.js		95001359fb671d0e6d97f37bd92642cc993e517d2307f373bfa9893639f1a2bc	Backdoor.JS.EVILAI.A
main.js			9f369e63b773c06588331846dd247e48c4030183df191bc53d341fcc3be68851	Trojan.JS.EVILAI.YXFH1  
main.js			cf45ab681822d0a4f3916da00abd63774da58eb7e7be756fb6ec99c2c8cca815	Trojan.JS.EVILAI.YXFH1
{GUID}or.js		ce834dca38aeac100f853d79e77e3f61c12b9d4da48bb0a949d0a961bf9c0a27	Backdoor.JS.EVILAI.A


[C&C servers]
hxxps://9mdp5f[.]com
hxxps://5b7crp[.]com
hxxps://mka3e8[.]com
hxxps://y2iax5[.]com
hxxps://abf26u[.]com