Yeah all it is, is either a RAT or IRC/HTTP bot which has downloaded and executed a open source wallet stealer which uploads the wallet to an FTP. If its a rat then the attacker would of just used remote file manager.

Either way nothing special, having the binary used however would allow us to find the point of origin. Especially if a RAT was used because they make connection to the attacker themselves and not a centralized command and control server.


I think OP you being infected and having your wallet stolen would of been in the time frame of 24 hours max. So thinking back to when your had you wallet stolen anything within a day of downloading some form of exe would help.

Not only would you wallet of been stolen but you would of probably fell victim to the attacker actually mining on your computer. This is something else that saddens me because people who do this do very little to hide the login and password to the Pool they are mining for .
 

I would try a simple dictionary attack on the mail.ru for the email however I do not posses and Russian based pass lists. Either way ill keep trying and see what I can find.

Why does this happen to other people and not me, I WANT to be infected by such malware .

Nothing to worry about too much, download Comodo firewall its a good program for monitoring and blocking any malicious connections. Most malware is spread the traditional way such as via torrents, Youtube, drive by's etc. So staying protected just means staying wise and being cautious of sites you visit and files you download.

[Deleted Information I provided]

Op I'm going to compile a list on everything I can find out this thief. Just give me time to filter all the relevant information.

Easy mistake to make, I've delved into things before without doing my research, its just one of them things you learn from experience.

His note on the invoice does not count for nothing by the way so try not to worry to much about that.

Here is something I copied from paypal


Step 1 - Identify issue
Most disputes are the result of simple misunderstandings. It's best to initiate communication with the seller as soon as you recognise a potential problem.

You can open a dispute in the Resolution Centre within 45 calendar days of payment. By opening a dispute, you are able to communicate directly with your seller to work out a problem transaction.

If you and your seller are unable to agree on a solution, you must escalate the dispute to a PayPal claim within 20 calendar days of the date the dispute was opened. By escalating to a claim, you would be asking PayPal to review the case and decide the outcome.



Step 1 - Open dispute right away
You can open a disputeA buyer asks for a seller's help in resolving an issue with a transaction. in the Resolution CentreLocated in My Account, the PayPal resource for resolving issues between buyers and sellers. to contact a seller directly and resolveA buyer and seller come to an agreement and close the case, or PayPal comes to a decision and closes the case. a problematic transaction. You have 45 days from the payment date to open a dispute. Common reasons for opening a dispute include:

You paid for an item but haven't received it and the seller is uncooperative or nonresponsive.
You received an item that was significantly different from how it was described.
Click the Report a Problem button in the Resolution Centre to open a dispute. Then, provide more information about the issue and post a message to the seller.

Transactions older than 45 days cannot be disputed but should still be reported. PayPal tracks seller performance trends in the event we need to take action to protect other buyers.



Step 2 - Negotiate to resolve dispute
You and the seller have 20 days to resolve the dispute or escalate it to a PayPal claimA buyer or seller asks PayPal to review a dispute and decide the outcome..

The seller reviews your message and replies in the Resolution Centre. This is your opportunity to communicate directly and resolve the issue by exchanging message posts. Communicate clearly and include suggestions about how to resolve the issue, such as through a full or partial refund.

PayPal can view all posted messages in case the dispute is escalated to a claim.

We place a holdRestricting the funds associated with a dispute so they cannot be withdrawn from a buyer’s or seller's PayPal account. on all funds related to the transaction until the dispute is resolved or closed.


Step 3 - Close the dispute or escalate to a claim
You can closeTo end a dispute or claim. A closed dispute cannot be reopened or escalated to a claim. We automatically close disputes after 20 days unless they have been escalated to a PayPal claim. a dispute if you and the seller reach an agreement.

Otherwise, you can escalate the dispute to a PayPal claim within 20 days of opening the dispute. You must wait seven days to allow for postage before escalating a dispute to a PayPal claim for an item not received. We automatically close disputes after 20 days.

Wait until you are 100% satisfied with the resolution before closing a dispute. A closed dispute cannot be reopened or escalated to a PayPal claim.

Select the open dispute in the Resolution Centre and click the desired action at the bottom of the dispute details screen to close or escalate a dispute.

We require more information from you when you escalate a dispute to a PayPal claim.


Step 4 - We investigate and resolve the claim
By escalating a dispute to a claim, you are asking PayPal to review it and decide the outcome.

We try to resolve cases within 30 days, but complex cases may take longer to investigate, deliver a final decision, release any funds and close the case.

You and the seller may be subject to specific deadlines for new information. We use the messages exchanged in the Resolution Centre, along with other details, to determine the outcome.

You can track the progress of your claim and respond to requests for information in the Resolution Centre.

We notify you when we come to a final decisionPayPal's decision resolving and closing the case..


It will take time however you will get your money back and the other idiot will have his paypal account limited.

I'm surprised, The most likely outcome of the situation could of been you becoming the scammer. By no means am I am accusing you of anything however once he sent the bitcoins you could easily charge back the payment and have both the money and bitcoins.

But to answer your question, yes you can cancel the transaction and receive all your money back providing of course you did not send the money to him as a gift, that often causes problems.

Probably a long shot however do you still have the binary of the trojan used to steal your wallet file. Majority of the wallet stealers originate from the same source which uploads the wallet.dat to an FTP server. With a little RE using some debug tools you may be able to find a little more info about the person by finding the ftp host name user and password.

If that does not help running the binary within a virtual machine and checking to see the outbound connection would possibly allow you to see the ip of the command and control server used for his trojan horse in which case you could use do a whois on it. However there could be a possibility that they may have used false credentials for their c&c.

Again a longshot, will post if anything more springs to mind.