New Chainshot Malware Found By Cracking 512-Bit RSA Key

Filed under Security Alerts.

Security researchers exploited a threat actor’s poor choice of encryption key size and discovered a new piece of malware, along with network infrastructure that links it to various targeted attacks.

The new piece of malware, which received the name Chainshot, is used in the early stages of an attack to activate a downloader for the final payload in a malicious chain reaction.

Researchers from Palo Alto Networks’ Unit 42 found Chainshot after following the trail of an Adobe Flash zero-day exploit (CVE-2018-5002) used in a series of targeted malware campaigns.

Cracking the encryption

By studying network captures of traffic exchanged with the attacker’s command and control (C2) servers, Unit 42 malware analysts noticed that the malware payload was protected with a 512-bit RSA key. The RSA (Rivest–Shamir–Adleman) cryptosystem is an asymmetric algorithm: the public key encrypts data and only the matching private key can decrypt it. Its security rests on the difficulty of factoring the public modulus n into its two prime factors; whoever factors n can compute the private key from the public one.

Cracking a 512-bit key has been possible since 1999, when factoring a modulus of that size (the RSA-155 challenge number) took roughly 300 computers working for about seven months. Today, all you need is money to rent cloud computing power and a few hours of waiting time.

In a technical report today, the researchers explain how they were able to crack the private key that decrypted Chainshot.

“While the private key remains only in memory, the public key’s modulus n is sent to the attacker’s server. On the server side, the modulus is used together with the hardcoded exponent e 0x10001 to encrypt the 128-bit AES key which was used previously to encrypt the exploit and shellcode payload,” they write.

Using Factoring as a Service (FaaS), an open-source pipeline that runs the number field sieve on rented cloud instances, the researchers factored the 512-bit modulus, derived the private exponent, decrypted the RSA-wrapped AES key and with it the Chainshot payload.
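The recovery chain described above, as an added worked example (not Unit 42’s code or the attacker’s): the implant keeps the RSA private key in memory and sends only the modulus n to the C2; the C2 wraps the session key with (n, e = 0x10001); an analyst who captured n and the ciphertext factors n, derives d, and unwraps the key. Two assumptions are made that the report does not state: textbook RSA with no padding, and a toy 64-bit modulus built from two constructed 32-bit primes so that Pollard’s rho factors it in well under a second. A real 512-bit modulus is out of reach for rho and needs the number field sieve, which is what FaaS runs; the session key is likewise a 60-bit stand-in for the 128-bit AES key so that it fits below the toy modulus.

```python
import random
from math import gcd

E = 0x10001  # hard-coded public exponent quoted in the Unit 42 report

# Constructed demo primes (NOT the real Chainshot key): two 32-bit primes.
P_DEMO = 4294967291   # 2**32 - 5
Q_DEMO = 4294967279   # 2**32 - 17

# Constructed stand-in for the 128-bit AES key: 60 bits, so it fits below the toy modulus.
SESSION_KEY = 0x0123456789ABCDEF


def pollard_rho(n, seed=1):
    """Return a non-trivial factor of the composite n (Floyd cycle-finding Pollard rho).

    Expected work is about sqrt(smallest prime factor) iterations, which is why a
    64-bit modulus falls in milliseconds while a 512-bit one needs the number field sieve.
    """
    if n % 2 == 0:
        return 2
    rng = random.Random(seed)
    while True:
        c = rng.randrange(1, n)          # random polynomial x^2 + c
        x = y = rng.randrange(2, n)
        d = 1
        while d == 1:
            x = (x * x + c) % n          # tortoise: one step
            y = (y * y + c) % n          # hare: two steps
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:                       # d == n means the walk cycled: retry with a new c
            return d


def recover_private_key(n, e):
    """Factor n and derive the private exponent d, as the analysts had to do."""
    p = pollard_rho(n)
    q = n // p
    if p * q != n or 1 in (p, q):
        raise ValueError("factoring failed")
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                  # modular inverse of e (Python 3.8+)
    return p, q, d


def rsa_encrypt(m, n, e):
    """Textbook RSA on an integer m < n. Padding is assumed absent; the report does not say."""
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(c, n, d):
    return pow(c, d, n)


def c2_exchange(p=P_DEMO, q=Q_DEMO, session_key=SESSION_KEY):
    """What crosses the wire: the implant sends n, the C2 answers with RSA(session_key)."""
    n = p * q
    # The implant keeps the private key (p, q, d) in memory only; just n leaves the host.
    wire_n = n
    wire_ciphertext = rsa_encrypt(session_key, wire_n, E)
    return wire_n, wire_ciphertext


def crack_session_key(wire_n, wire_ciphertext, e=E):
    """Analyst side: from the captured n and ciphertext alone, recover the session key."""
    _, _, d = recover_private_key(wire_n, e)
    return rsa_decrypt(wire_ciphertext, wire_n, d)


if __name__ == "__main__":
    n, ct = c2_exchange()
    key = crack_session_key(n, ct)
    print(f"modulus bits: {n.bit_length()}")
    print(f"recovered session key: {key:#x}")
    print("matches the key the C2 wrapped:", key == SESSION_KEY)
```

Once the wrapped key is recovered, the last step (AES-decrypting the captured exploit and shellcode with it) is a plain library call and is not repeated here. The lesson is in `pollard_rho`’s cost model: key size is the only thing standing between a captured modulus and the private key, and 512 bits no longer stands for long.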

Chainshot is multipurpose

Apart from being part of a chain reaction that makes it difficult to analyze components individually, Chainshot contains code designed to search for and bypass Kaspersky and Bitdefender antivirus solutions for both x86 and x64 platforms.

Palo Alto told BleepingComputer that the attack occurred in May, and that they could not verify at the time of the analysis whether the bypass code worked against Kaspersky and Bitdefender defenses. Bitdefender confirmed to us that its users have been protected against Chainshot since July. Kaspersky’s Artem Baranov said that he would test the exploit against the Automatic Exploit Prevention component.

Chainshot’s task is to push another piece of malware onto the compromised machine, which in turn drops the final payload. That dropper is also responsible for fingerprinting the system, sending details about the user and the processes running on the machine. Because the adversary made the mistake of using a factorable 512-bit RSA key and of reusing an SSL certificate across attacks, security researchers were able to correlate the campaign with other incidents and paint a clearer picture of the entire operation.


The information contained in this website is for general information purposes only. The information is gathered from Bleeping Computer. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.