$ analyze-threat Trojan:Script/SAgent.HAB!MTB
Trojan:Script/SAgent.HAB!MTB - Windows Defender threat signature analysis


$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Script/SAgent.HAB!MTB
Classification:
  Type: Trojan
  Platform: Script
  Family: SAgent
  Detection Type: Concrete
    Known malware family with identified signatures
  Variant: HAB
    Specific signature variant within the malware family
  Suffix: !MTB
    Detected via machine learning and behavioral analysis
  Detection Method: Behavioral
  Confidence: Very High
  False-Positive Risk: Low

Concrete signature match: Trojan - Appears legitimate but performs malicious actions for Script platform, family SAgent

Summary:

This threat is a script-based trojan from the SAgent malware family, a known information stealer. It is designed to steal sensitive data such as login credentials from web browsers, email clients, and other applications on the compromised system. The stolen information is then exfiltrated to an attacker-controlled server.

Severity: Medium

VDM Static Detection: No detailed analysis available from definition files.

Known malware which is associated with this threat:
  Filename: o.xml
  31e262cb37dc0062209877ca7cc18fa53d5d4e131528b5645752259ef6a7b206
  18/11/2025

Remediation Steps:
Ensure the threat is quarantined or removed by the security product. Immediately change all critical passwords for online accounts (email, banking, etc.) as credentials may have been compromised. Run a full system scan with updated definitions to check for any residual components.
=== END REPORT ===
This analysis was last updated on 18/11/2025.