You could possibly create a script that continuously crawls your entire filesystem and logs the following:
modtime filename sha1sum
Then you could index that log file and find the files you are after and the modtime they had that sha1sum.
But it's not possible to compare an arbitrary sha1sum to the current filesystem with Splunk. Although you could potentially create some kind of custom command.
Are you logging the SHA1SUMs to a file? Or you want splunk to calculate the SHA1SUM for every file on your host?
Splunk to check which files in the entire file system has specific SHA1 checksum value.
For example: Show all files that have sha1sum 7716D83C0D06AB356BDFA52DEF1AF64BC5210