Make a backup of everything. Then, open the backup on your computer and make sure it is 100%. Double check. Then delete everything except the config files; as I recall, it's just wp-config.php. All other files will be overwritten with newer versions. Save that config file somewhere handy. Extract the files to your preferred location and then remove the provided wp-config.php and replace it with your wp-config.php.
If you have enough databases available, leave the old database alone and create a new database. If you do not, back up the old database (structure and data), then drop the old database. This is not in the filesystem; if you miss this step you will lose any content from your old website forever.
*Change your database password* Theoretically, the compromised website has allowed this database password to be exposed. You should change this password anywhere you have used it.
I'm going to recommend doing this via Softaculous once more. The installation process is easier, it sends you update reminders (and the update process is easier), and it integrates well with DirectAdmin.