Yeah all it is, is either a RAT or IRC/HTTP bot which has downloaded and executed a open source wallet stealer which uploads the wallet to an FTP. If its a rat then the attacker would of just used remote file manager.

Either way nothing special, having the binary used however would allow us to find the point of origin. Especially if a RAT was used because they make connection to the attacker themselves and not a centralized command and control server.


I think OP you being infected and having your wallet stolen would of been in the time frame of 24 hours max. So thinking back to when your had you wallet stolen anything within a day of downloading some form of exe would help.

Not only would you wallet of been stolen but you would of probably fell victim to the attacker actually mining on your computer. This is something else that saddens me because people who do this do very little to hide the login and password to the Pool they are mining for .
 

I would try a simple dictionary attack on the mail.ru for the email however I do not posses and Russian based pass lists. Either way ill keep trying and see what I can find.

Why does this happen to other people and not me, I WANT to be infected by such malware .