When the threat is executed, it searches for a Bitcoin wallet in the following location: %UserProfile%\AppData\Roaming\Bitcoin\wallet.dat
It then attempts to email the wallet to the attacker using the following SMTP server:
This malware exploits perhaps the only facet of Bitcoin that its users have expressed concern over: unencrypted Bitcoin wallets. And since everything is anonymously transferred over the Bitcoin network, if someone were to successfully steal a Bitcoin wallet, there would be no way to tell whether the bitcoins they use were stolen, mined, or obtained through trade.
Already, one Bitcoin user has allegedly had hundreds of thousands of dollars' worth of bitcoins stolen by a hacker. Beyond that theft and this malware, another potential concern is users who store their Bitcoin wallets in wide-open directory indexes on their Web sites, unaware that Google and other search engines can see and index them. This data could then be mined by any searcher using queries like the following:
intitle:index.of wallet filetype:dat
intitle:index.of "wallet.dat"
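To check your own exposure to both problems described above (an unencrypted wallet in the default location, or a wallet copy sitting under a web root), the following added example, which is not part of the original article, walks the directories you give it and flags every wallet.dat it finds. The function names are hypothetical, and the encryption test is a heuristic that assumes legacy Berkeley DB wallets contain an "mkey" master-key record only when encryption is enabled.

```python
import os
from pathlib import Path

# Assumption: an encrypted legacy wallet holds a record keyed "mkey",
# serialized with a one-byte length prefix (0x04).
ENCRYPTED_MARKER = b"\x04mkey"
WALLET_NAME = "wallet.dat"


def is_encrypted(path, chunk_size=1 << 20):
    """Heuristic: True if the master-key record marker appears in the file."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                return False
            if ENCRYPTED_MARKER in tail + chunk:
                return True
            # Keep an overlap so a marker split across reads is still found.
            tail = (tail + chunk)[-(len(ENCRYPTED_MARKER) - 1):]


def audit(roots):
    """Walk each root and report every wallet.dat with its risk flags."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            if WALLET_NAME in files:
                path = Path(dirpath) / WALLET_NAME
                findings.append({
                    "path": str(path),
                    "encrypted": is_encrypted(path),
                    # "Other" read bit; only meaningful on POSIX hosts.
                    "world_readable": bool(path.stat().st_mode & 0o004),
                })
    return findings


def default_roots(web_root=None):
    """The client data directory named above, plus an optional web root."""
    roots = []
    profile = os.environ.get("USERPROFILE")
    if profile:
        roots.append(Path(profile) / "AppData" / "Roaming" / "Bitcoin")
    if web_root:
        roots.append(Path(web_root))
    return roots


if __name__ == "__main__":
    for finding in audit(default_roots()):
        print(finding)
```

Any wallet reported under a web root should be moved out of the served tree, and any wallet reported with `encrypted` set to False is readable by whoever obtains the file.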