Probably a long shot however do you still have the binary of the trojan used to steal your wallet file. Majority of the wallet stealers originate from the same source which uploads the wallet.dat to an FTP server. With a little RE using some debug tools you may be able to find a little more info about the person by finding the ftp host name user and password.

If that does not help running the binary within a virtual machine and checking to see the outbound connection would possibly allow you to see the ip of the command and control server used for his trojan horse in which case you could use do a whois on it. However there could be a possibility that they may have used false credentials for their c&c.

Again a longshot, will post if anything more springs to mind.