In hindsight and with regard to your questions, I should've noted this first and been more aware of these policies so as to share them with you. But, in my overly excited ability to answer what seemed to be a long-time unanswered question, I failed to recognize that this question may be considered off-topic and why perhaps it did stay unanswered, and it's likely because it's unclear what problem you are trying to solve. In any case, since it's already been written, I hope it serves someone well who stumbles upon this.
What actually is wallet.dat hash and how does hashcat actually brute force the hash?
A Bitcoin wallet is stored as a wallet.dat file that is partially encrypted using a user generated password. The private key of your wallet (a 256-bit number) is symmetrically encrypted with a random master key and that master key is subsequently encrypted with the user-defined password. The wallet.dat hash then, is the converted binary blob of your wallet into a human-readable string of letters and numbers. This answer assumes that the extraction was done using a JohnTheRipper script and may not necessarily be accurate if another method or hash was extracted from the wallet file. The assumed script referenced, to be exact, is the bitcoin2john.py. If an alternative method was used, this answer might not be accurate.
How Hashcat brute forces the hash is up to the user in some ways, as it offers multiple methods of attack that could be defined by the user. But in the broad sense, and to clarify what is understood usually when referring to the use of phrase "brute force" in password cracking: Hashcat attempts to guess the password by hashing each given prospective password and finding one that, in its hashed form, matches the hashed form of the correct password. In most cases, it's done by using a word list but again, with it's multiple options, the 'how' per se, will depend on how one chooses to configure Hashcat. (i.e. all methods of obtaining the password are by some shape or form, a matter of guessing the right password, but how one goes about coming up with what passwords to guess is what I refer to by defining the 'how' Hashcat.) I've also excluded the other considerations undertaken by Hashcat that are far more complicated and technical for this oversimplified explanation of how it works. If you're genuinely curious, then you'll be better informed by the full explanation here and on AES here.
b198b8303389b0aba9dec671bafb51f421f001a665317f1d155a1371c82c6dcd it is
the hash of master key? **2536019a6f48b3de is the salt? 128125 is the
number of rounds?
Please correct me if I am wrong in the above assumptions of mine.
Because there are a number of ways to extract some form of hash from the wallet.dat, there isn't specifications about how you came about getting that hash, and because various wallet software operates differently from one another, I can only speculate what process and wallet you used in saying that: for the most part your assumptions are correct. I would just make a note to clarify that the first string is the "hashed form" of the master key as broadly explained in the answer to the first question. Remember that the master key is encrypted using an encryption key which was generated from the user password.
To be sure, that means your password is used to create an encryption key which is then used to encrypt a completely random master key, which is then used to encrypt your Bitcoin wallet's private key. This is important to note as it will also answer one of your later questions but for now, and for the sake of semantics, it's a hashed form of the master key and doesn't tell you what the encryption key that was used is, let alone the original password.
Next, I am curious how hashcat deals with this hash (technically)?
What is the sequential procedure of hashcat? Does it brute force the
master key first and then the passphrase?
This should be partially covered by the answer to the first question but to summarize as an example, (and not getting into too much of the technical details that you yourself can, with due diligence, find online) and with a need to oversimplify a complicated process; if you had 100 words that you think might be the password, Hashcat would hash those prospective passwords based on the information provided from the wallet.dat hash, which includes the salt, iterations, etc. among other things. Most hashing constructions are more complex than simply concatenating a password and salt but in this case, Hashcat is using the applicable and identified algorithms it has been provided to apply those to the list of prospective passwords (AKA wordlists) it's been given and generates a hash as if it were the password and then compares the resulting hash to the wallet hash to see if there is match. The work is, at the lowest level, a hashing and guessing game to find a match. Once it finds a match, depending on, again, the settings, it will either stop, go through the rest of the words in the word list, or closes. In the case of the last option, you would need to run Hashcat again with the option of revealing the hashed passwords.
It seems as if these are more questions of wonder and curiosity as opposed to actual questions related to solving a programming problem or issue. But, since we've come to this far, finally:
Then what are first 32 characters in this hash if the master key is
b198b8303389b0aba9dec671bafb51f421f001a665317f1d155a1371c82c6dcd?
With the previously mentioned explanation of how one arrives at the hashed form of the master key, you should be able to deduce what it's likely to be. Otherwise, there are too many variations of the "pywallet" extraction script from different repositories and developers so unfortunately I wouldn't be able to offer you an exact answer per se. But moving forward you may wish to review this page that might provide more references specific to your situation to more quickly help find an answer. But be aware, sometimes no one answers because there are some we shouldn't answer.
Best of luck in your thirst for knowledge!
