Posts

Showing posts from November, 2025

Malware Traffic Analysis with Wireshark - Detecting Dridex C2 Traffic

In this project, I analysed a PCAP capture of a compromised Windows machine to uncover signs of a Dridex banking Trojan infection. Using Wireshark I identified encrypted TLS sessions, extracted suspicious Server Name Indication (SNI) domains, followed malicious TCP streams, and confirmed active C2 beaconing. This post shows step-by-step how I discovered the infection along with key Indicators of Compromise (IOCs) so you can replicate the same process in your own malware traffic analysis lab.

Lab Topology & Overview

Host OS for analysis: Ubuntu
Packet analysis tool: Wireshark

Environmental Setup & PCAP Download

Before opening the PCAP file, I ensured my virtual machine was isolated from the Internet so that any embedded malware activity could NOT communicate externally. I changed my VMware network adapter to LAN Segment (Away From Internet):

What this guarantees
No accidental malware execution
No C2 communication leaving the VM
Safe packet analysi...