Malware
ELECTRICFISH
The application is a command-line utility and its primary purpose is to tunnel traffic between two IP addresses.
ELECTRICFISH is a Windows malware family operated by Lazarus Group.
Background
ELECTRICFISH is a command-line utility whose main function is to tunnel traffic between two IP addresses. It takes command-line arguments to configure a destination IP and port, a source IP and port, a proxy IP and port, and a username and password for authenticating to a proxy server. The tool tries to open TCP sessions with both the source and destination IP addresses, and once both connections succeed it applies a custom protocol to tunnel traffic quickly and efficiently between the two hosts. When needed it can authenticate through a proxy to reach the destination, though a configured proxy server is not required for it to operate.
Source: Malpedia (Fraunhofer FKIE).