user@threatcheck.sh ~ threat-analysis
bash
$ analyze-threat Trojan:Script/SAgent.HNAA!MTB
Trojan:Script/SAgent.HNAA!MTB - Windows Defender threat signature analysis

Trojan:Script/SAgent.HNAA!MTB - Windows Defender Threat Analysis

$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Script/SAgent.HNAA!MTB
Classification:
Type:Trojan
Platform:Script
Family:SAgent
Detection Type:Concrete
Known malware family with identified signatures
Variant:HNAA
Specific signature variant within the malware family
Suffix:!MTB
Detected via machine learning and behavioral analysis
Detection Method:Behavioral
Confidence:Very High
False-Positive Risk:Low

Concrete signature match: Trojan - Appears legitimate but performs malicious actions for Script platform, family SAgent

Summary:

This detection identifies a malicious script from the SAgent trojan family, identified by machine learning-based behavioral analysis (!MTB). This threat is typically used as a first-stage dropper to download additional malware, steal information, and establish a persistent backdoor on the compromised system.

Severity:
Medium
VDM Static Detection:
No specific strings found for this threat
Known malware which is associated with this threat:
be82c8c77e6e3f64ece7df84511c4dbb60c80244ec03255ab462ff2300180ba9
13/04/2026
VirusTotalDownload Sample
bf2f39f074fb9279da9493caff8939b81eadb63af39823e4dec21c79eb8130e8
04/04/2026
VirusTotalDownload Sample
Filename: zxc.sh
01f57736fd1e6dc10ea917ad5fce56201479cd4bffc814000427c4f367440957
06/12/2025
VirusTotalDownload Sample
Remediation Steps:
Isolate the affected host from the network. Use Windows Defender to perform a full system scan and ensure the threat has been quarantined or removed. Investigate the initial access vector (e.g., phishing email) and scan for persistence mechanisms or secondary payloads.
=== END REPORT ===
$ reanalyze-threat
This analysis was last updated on 06/12/2025. Do you want to analyze it again?
$ ls available-commands/
→ cd /home
user@threatcheck.sh:~$