Encrypted configuration : hxxp://myehterwallet.top/UJZfOVD59Rue1AtQ/conf.php
Panel Login : hxxp://myehterwallet.top/UJZfOVD59Rue1AtQ/login.php
Behavior : Steals data from browsers (Chrome, Firefox, Internet Explorer/Edge),
steals data from applications like WinSCP and Pidgin,
steals data from Microsoft Outlook via the registry.
Sample : hxxp://45.141.86.139/update/updatewallet.exe
Hosting Info :
hxxp://whois.domaintools.com/47.254.174.146