We can generate the SQL with:
$query = new WP_User_Query(
[
'role' => 'Administrator',
'count_total' => false,
]
);
echo $query->request;
that outputs:
SELECT wp_users.*
FROM wp_users
INNER JOIN wp_usermeta ON ( wp_users.ID = wp_usermeta.user_id )
WHERE 1=1
AND ( ( ( wp_usermeta.meta_key = 'wp_capabilities'
AND wp_usermeta.meta_value LIKE '%\"Administrator\"%' ) ) )
ORDER BY user_login ASC
You might have a different table prefix, than showed here.
Note that deleting the hidden administrator user, will most likely not fix the problem, as there might still be other backdoor(s). Recovering hacked sites is in general off topic here, but you could try to contact your hosting provider or security experts, regarding available backups, security reviews, etc.