The security researchers of Palo Alto Network found a way to crack 512-Bit RSA Key and decrypt the Payloads to new attack framework named CHAINSHOT, the reason behind this name , that it is a targeted attack with several stages and every stage depends on the input of the previous one.
What is RSA Key?
RSA (Rivest-Shamir-Adleman) is one of the first public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and it is different from the decryption key which is kept secret (private). In RSA, this asymmetry is based on the practical difficulty of the factorization of the product of two large prime numbers, the “factoring problem”.
According to PaloAltoNetworks, they uncovered additional attacker network infrastructure, were able to crack the 512-bit RSA keys, and decrypt the exploit and malware payloads. We have dubbed the malware ‘CHAINSHOT’, because it is a targeted attack with several stages and every stage depends on the input of the previous one.
How To Crack RSA Key?
Security researchers are checking a point the RSA key is needed. While the private key remains only in memory, the public keys’ modulus is sent to the attacker’s server.
On the server-side, the modulus is used together with the hardcoded exponent e 0x10001 to encrypt the 128-bit AES key which was used previously to encrypt the exploit and shellcode payload. The encrypted exploit or payload is sent back to the downloader which uses the in-memory private key to decrypt the AES key and the exploit or payload.
By using a Factory as a service, the researcher were able to calculate the decryption key and access the chainshot Malware. In order to do so, we have to factorize the modulus n into its two prime numbers p and q. Luckily this problem has already been solved previously, by an awesome public project ‘Factoring as a Service‘.
The shellcode Payload can contains the code to bypass Kaspersky and Bitdefender antivirus software for both x64 and x85 OS platforms.
Impact of CHAINSHOT Malware
This was possible because the attacker made a mistake in using insecure 512-bit RSA encryption. The malware sends user information encrypted to the attacker server and attempts to download a final stage implant. It was allegedly developed with the help of an unknown framework and makes extensive use of custom error handling.
Because the attacker made another mistake in using the same SSL certificate for similar attacks, we were able to uncover additional infrastructure indicating a larger campaign.